Security Engineer, Application Security

Details

About the Team

Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI’s technology, people, and products. The team is technical in what it builds and operational in how it works, supporting products and research. Team tenets include prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture.

About the Role

As a Security Engineer, Application Security you will be responsible for identifying and mitigating security vulnerabilities within software applications through building security tools, performing code reviews, conducting penetration testing, and performing security assessments. You will work closely with development teams to integrate secure coding practices throughout the software development lifecycle (SDLC) and provide security guidance to developers and other stakeholders to foster a culture of security awareness.

The role is preferred to be based in San Francisco, Seattle, or New York City but may consider remote work. OpenAI uses a hybrid work model of 3 days in the office per week.

Responsibilities

• Perform security assessments: conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.
• Develop and implement security tools: design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats.
• Collaborate with development teams: work closely with development teams to ensure security best practices are integrated throughout the SDLC, including secure coding guidelines.
• Threat modeling and risk assessment: conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies.
• Vulnerability management: track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts.
• Incident response support: assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation.
• Stay current on security trends: continuously stay updated on the latest security threats, vulnerabilities, and technologies to enhance application security.

Requirements

• Extensive experience in information security, cybersecurity, or a related field; experience in leadership or management roles is mentioned as desirable.
• Deep understanding of security technologies, tools, and best practices, including secure coding practices, threat modeling, risk assessments, and incident response.
• Experience in application security or software development with a strong understanding of secure coding practices and application security frameworks.
• Proficiency in programming languages such as Python, Java, and C++ (examples given).
• Knowledge of security tools such as Burp Suite and OWASP ZAP, and familiarity with security protocols and encryption methods.
• Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences.

Benefits

• Base pay range listed for the role and additional total compensation components (equity, performance bonuses) are provided.
• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts.
• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit).
• 401(k) retirement plan with employer match.
• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks).
• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees.
• 13+ paid company holidays and multiple paid coordinated company office closures, plus paid sick and safe time.
• Mental health and wellness support; employer-paid basic life and disability coverage.
• Annual learning and development stipend.
• Daily meals in offices and meal delivery credits as eligible.
• Relocation support for eligible employees.
• Additional taxable fringe benefits such as charitable donation matching and wellness stipends.

Additional Information

• OpenAI is an equal opportunity employer and provides reasonable accommodations to applicants with disabilities.
• Background checks will be administered in accordance with applicable law for US-based candidates.
• Candidates are provided links to OpenAI’s policies (EEO, privacy) and to request accommodations or report job posting compliance issues.