Used Tools & Technologies
Not specified
Required Skills & Competences
Each tag name is followed by an "@" symbol and a proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such a level.
Security @ 6
Software Development @ 6
API @ 3
ChatGPT @ 3
Codex @ 3
AI @ 3
Details
The Product Policy team develops, implements, enforces, and communicates the policies that govern use of OpenAI’s services, including ChatGPT, Codex, GPTs, and the OpenAI API. This cyber-focused role defines how OpenAI enables legitimate cybersecurity work while reducing the risk that products are misused for cyber abuse. The role sits at the intersection of AI capability, cybersecurity practice, and abuse prevention: helping defenders use OpenAI’s tools effectively while setting clear boundaries against malicious cyber activity.
Responsibilities
- Provide cyber policy advice to technical and product teams based on a deep understanding of model capabilities, product architecture, abuse pathways, defensive security use cases, and the practical needs of cybersecurity teams.
- Evaluate cyber-relevant product launches and model capabilities, assessing how they may support legitimate security work and how they could be misused by malicious or irresponsible actors.
- Translate cyber threat risk into clear product requirements, launch guidance, enforcement standards, user-facing policy, and internal implementation guidance.
- Develop operationalizable standards, enforcement protocols, and escalation paths for cyber abuse scenarios, including vulnerability exploitation, credential abuse, social engineering, malware enablement, phishing, data exfiltration, and misuse of security automation.
- Partner with safety, security, product, engineering, research, legal, operations, communications, and global affairs teams to make principled, timely decisions about cyber risk in high-ambiguity situations.
- Help build scalable policy frameworks for dual-use cyber capabilities, including where to draw boundaries between beneficial security research, defensive operations, and harmful cyber activity.
Requirements
- 5+ years of experience, or equivalent depth, in one or more of: cybersecurity, security engineering, threat intelligence, incident response, abuse investigations, detection engineering, product policy, cyber policy, trust and safety, or a closely related field.
- Strong technical fluency in one or more cyber domains such as vulnerability management, malware analysis, threat intelligence, incident response, phishing and credential abuse, detection engineering, secure software development, cloud security, identity and access management, or security automation.
- Understanding of the modern cyber threat environment, including attacker tradecraft, defender detection and response, and how AI can create defensive value and misuse risk.
- Ability to evaluate dual-use cyber capabilities with nuance and to distinguish between legitimate security research, authorized defensive activity, risky automation, and malicious behavior.
- Strong written and verbal communication skills; ability to translate ambiguous technical risk into practical decisions, requirements, and guidance for product managers, engineers, researchers, executives, and policy stakeholders.
- Comfortable building new policy frameworks, processes, and decision criteria in ambiguous or fast-moving areas, and using data, threat intelligence, user feedback, and operational signals to improve policy quality and measure effectiveness.
Location & Working Model
This role is based in San Francisco, CA. OpenAI uses a hybrid work model (3 days in office per week) and offers relocation assistance to new employees.
About OpenAI
OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. Background checks will be administered in accordance with applicable law; qualified applicants with arrest or conviction records will be considered consistent with applicable fair chance laws.
Benefits
- Medical, dental, and vision insurance with employer contributions to Health Savings Accounts
- Pre-tax accounts (Health FSA, Dependent Care FSA) and commuter benefits
- 401(k) retirement plan with employer match
- Paid parental leave and paid medical/caregiver leave
- Flexible PTO and paid company holidays/office closures
- Mental health and wellness support; employer-paid basic life and disability coverage
- Annual learning and development stipend
- Daily meals in offices and meal delivery credits as eligible
- Relocation support for eligible employees
- Additional taxable fringe benefits (charitable donation matching, wellness stipends)