Security Engineer, Application Security

Details

Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI’s technology, people, and products. The team is technical in what it builds and operational in how it does its work, supporting products and research across the company.

This role will identify and mitigate security vulnerabilities within software applications through building security tools, performing code reviews, penetration testing, and conducting security assessments. The role partners closely with development teams to integrate secure coding practices throughout the software development lifecycle and provides security guidance to developers and other stakeholders. The role is preferred to be based in San Francisco, Seattle, or New York City but may consider remote work. OpenAI uses a hybrid work model of three days in the office per week and offers relocation assistance to eligible new employees.

Responsibilities

• Perform security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.
• Design, develop, and implement security tools, frameworks, and methodologies to protect applications against threats.
• Collaborate with development teams to integrate security best practices throughout the SDLC, including secure coding guidelines.
• Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies.
• Track, analyze, and manage vulnerabilities in applications; provide guidance and support for remediation efforts.
• Assist in investigating, analyzing, and responding to security incidents related to applications; ensure timely resolution and documentation.
• Continuously stay updated on the latest security threats, vulnerabilities, and technologies to enhance application security.

Requirements

• Experience in information security, cybersecurity, or a related field; experience in application security, software development, or related areas.
• Deep understanding of security technologies, tools, and best practices, including secure coding practices, threat modeling, risk assessments, and incident response.
• Proficiency in programming languages such as Python, Java, C++ (examples cited in the posting).
• Familiarity with security tools such as Burp Suite and OWASP ZAP, and knowledge of security protocols and encryption methods.
• Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences.

Benefits

• Base pay range listed: $325,000 – $405,000 (offers equity; total compensation includes equity, performance-related bonus for eligible employees, and benefits).
• Medical, dental, and vision insurance with employer contributions to Health Savings Accounts; other pre-tax accounts (Health FSA, Dependent Care FSA, commuter benefits).
• 401(k) with employer match.
• Paid parental leave, paid medical and caregiver leave, flexible PTO and paid holidays; sick and safe time.
• Mental health and wellness support; employer-paid basic life and disability coverage.
• Annual learning and development stipend; daily meals in offices and meal delivery credits as eligible.
• Relocation support for eligible employees.
• Background checks administered in accordance with applicable law; reasonable accommodations for applicants with disabilities.