Offensive Security Engineer, Agent Security

at OpenAI
๐Ÿ“ United States
๐Ÿ“ Washington, United States
๐Ÿ“ New York City, United States
๐Ÿ“ San Francisco, United States
๐Ÿ“ Seattle, United States
USD 364,500-490,000 per year
SENIOR
โœ… Remote โœ… On-site
โœ… Relocation

SCRAPED

Used Tools & Technologies

Not specified

Required Skills & Competences ?

Security @ 4 Kubernetes @ 4 Linux @ 4 Python @ 4 GitHub @ 4 CI/CD @ 4 Data Science @ 4 Azure @ 4 SRE @ 4 React @ 4 macOS @ 4 Codex @ 4

Details

About the Team

Security is at the foundation of OpenAIโ€™s mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAIโ€™s technology, people, and products. The team is technical in what it builds and operational in how it works, and is committed to supporting all products and research at OpenAI. Team tenets include prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture.

About the Role

We're seeking an exceptional Principal-level Offensive Security Engineer to challenge and strengthen OpenAI's security posture. This role goes beyond a typical red-team position: you will craft innovative attack simulations, collaborate closely with defensive teams, and influence strategic security improvements across the organization. You will find vulnerabilities and drive their resolution, automate offensive techniques with advanced technologies, and use an attacker perspective to shape security strategy.

This role focuses on continuously testing agent-powered products (for example, Codex and Operator). These systems are rapidly evolving, can perform sensitive actions on behalf of users, and have large, diverse attack surfaces. You will hunt for realistic vulnerabilities that emerge from interactions between applications, infrastructure, and models that power these agentic products.

Responsibilities

  • Continuously hunt for vulnerabilities in interactions between applications, infrastructure, and models powering agentic products.
  • Conduct open-scope red and purple team operations simulating realistic attack scenarios.
  • Collaborate proactively with defensive security teams to enhance detection, response, and mitigation capabilities.
  • Perform comprehensive penetration testing on a diverse suite of products.
  • Leverage advanced automation and OpenAI technologies to optimize offensive security work.
  • Present insightful, actionable findings clearly and compellingly to inspire impactful change.
  • Influence security strategy by providing attacker-driven insights into risk and threat modeling.

Requirements

  • 7+ years of hands-on red team experience or equivalent exceptional accomplishments.
  • Deep expertise conducting offensive security operations within modern technology companies.
  • Experience designing, developing, or testing the security of AI-powered systems.
  • Experience finding, exploiting, and mitigating common vulnerabilities in AI systems (examples listed: prompt injection, leaking sensitive data, confused deputies, dynamically generated UI components).
  • Exceptional skill in code review and identifying novel/subtle vulnerabilities.
  • Proven experience performing offensive security assessments in at least one hyperscaler cloud environment (Azure preferred).
  • Demonstrated mastery assessing complex technology stacks, including:
    • Highly customized Kubernetes clusters
    • Container environments
    • CI/CD pipelines
    • GitHub security
    • macOS and Linux operating systems
    • Data science tooling and environments
    • Python-based web services
    • React-based frontend applications
  • Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts.
  • Excellent coding skills, capable of writing robust tools and automation for offensive operations.
  • Ability to communicate complex technical concepts effectively through compelling storytelling.
  • Proven track record of not only finding vulnerabilities but actively contributing to solutions in complex codebases.

Bonus Points

  • Background or expertise in AI or data science.
  • Prior experience working in tech startups or fast-paced technology environments.
  • Experience in related disciplines such as Software Engineering (SWE), Detection Engineering, Site Reliability Engineering (SRE), Security Engineering, or IT Infrastructure.

Benefits & Compensation Notes

  • Listed compensation ranges: $364.5K - $490K (base pay may vary depending on market location, knowledge, skills, and experience). Total compensation may include equity and performance-related bonus(es).
  • Medical, dental, and vision insurance with employer contributions to Health Savings Accounts.
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses.
  • 401(k) with employer match.
  • Paid parental leave, medical and caregiver leave, and flexible PTO policies.
  • 13+ paid company holidays and coordinated office closures.
  • Mental health and wellness support; employer-paid basic life and disability coverage.
  • Annual learning and development stipend.
  • Daily meals in offices and meal delivery credits as eligible.
  • Relocation support for eligible employees.
  • Additional taxable fringe benefits may be provided (charitable donation matching, wellness stipends).

Other Notes

  • OpenAI is an equal opportunity employer and provides reasonable accommodations to applicants with disabilities.
  • Background checks will be administered in accordance with applicable law; details provided about fair chance ordinances for US-based candidates.
  • Candidates can find OpenAI policies and applicant privacy information via provided links in the original posting.