Security Engineer, Application Security

Details

Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI’s technology, people, and products. The team is technical in what it builds and operational in how it works, prioritizing impact, enabling researchers, preparing for future transformative technologies, and maintaining a strong security culture.

This role is responsible for identifying and mitigating security vulnerabilities within software applications by building security tools, performing code reviews, conducting penetration testing, and running security assessments. The role partners closely with development teams to integrate secure coding practices throughout the software development lifecycle, provides security guidance to stakeholders, and fosters a culture of security awareness.

Preferred base locations: San Francisco, Seattle, or New York City. Remote work may be considered. The team uses a hybrid model (3 days in office per week). Relocation assistance is offered to eligible new employees.

Responsibilities

• Perform regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.
• Design, develop, and implement security tools, frameworks, and methodologies to protect applications against threats.
• Collaborate with development teams to integrate security best practices into the SDLC, including secure coding guidelines.
• Conduct threat modeling and risk assessments to proactively identify potential risks and define mitigations.
• Track, analyze, and manage application vulnerabilities and provide guidance for remediation efforts.
• Assist with investigating, analyzing, and responding to application-related security incidents; document incident response activities.
• Stay current on security threats, vulnerabilities, and technologies to continuously improve application security measures.

Requirements

• Extensive experience in information security, cybersecurity, or a related field; experience in leadership or management roles is noted as desirable.
• Deep understanding of security technologies, tools, and best practices, including secure coding practices, threat modeling, risk assessments, and incident response.
• Experience in application security, software development, or related areas, with a strong understanding of secure coding practices and application security frameworks.
• Proficiency in programming languages such as Python, Java, and C++ (or similar languages).
• Familiarity with security testing tools such as Burp Suite and OWASP ZAP.
• Strong written and verbal communication skills; ability to explain complex security issues to technical and non-technical audiences.

Benefits & Additional Details

• Compensation range: $325K – $405K (offers equity). Total compensation may include equity, performance-related bonus, and benefits.
• Medical, dental, and vision insurance; HSA contributions; pre-tax FSA accounts; 401(k) retirement plan with employer match.
• Paid parental leave, paid medical and caregiver leave, flexible PTO, paid company holidays, and paid sick/safe time.
• Mental health and wellness support, employer-paid basic life and disability coverage, learning & development stipend, daily meals in offices, and meal credits as eligible.
• Relocation support for eligible employees.
• Background checks will be administered in accordance with applicable law. OpenAI is an equal opportunity employer and provides reasonable accommodations to applicants with disabilities.