Used Tools & Technologies
Not specified
Required Skills & Competences
Tag name is followed by "@" symbol and proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such a level.
Security @ 3
Communication @ 3
Networking @ 3
Rust @ 3
AI @ 3
Details
OpenAI's Hardware organization develops silicon, systems, and platform infrastructure designed for the unique demands of advanced AI workloads. The First-Party Hardware team works across accelerators, servers, racks, firmware, manufacturing, deployment, and operations to build AI-native compute systems for OpenAI's supercomputing infrastructure. Security is a foundational property of these systems, spanning how devices are designed, provisioned, enrolled, operated, serviced, and retired.
Role overview
You will own the end-to-end security foundation for OpenAI's first-party AI hardware systems, working across hardware security, embedded security, system security, and practical deployment at data center scale. Partner with silicon, hardware, firmware, infrastructure, manufacturing, operations, and security teams to define and deliver system-level device trust, including boot integrity, device identity, provisioning, attestation, management-plane security, storage encryption, debug controls, firmware update and recovery, RMA, and decommissioning. Be accountable for turning threat models into requirements, requirements into implementation, and implementation into validation evidence that can support launch decisions.
Location: San Francisco, CA (Hybrid: 3 days/week onsite)
Relocation assistance available.
To comply with U.S. export control laws and regulations, candidates for this role may need to meet certain legal status requirements as provided in those laws and regulations.
Responsibilities
- Own security requirements, threat models, validation strategy, and launch-readiness evidence for first-party hardware platforms from early design through production deployment.
- Design and review secure boot, measured boot, roots of trust, platform firmware resilience, firmware signing, recovery, and anti-rollback strategies across heterogeneous devices.
- Own device identity, provisioning, enrollment, attestation, certificate lifecycle, and key-management requirements across manufacturing and data center bring-up.
- Harden management interfaces and operational access paths across BMCs, hosts, accelerators, switches, and service tooling, including TLS/mTLS, Redfish, gNMI, SSH, syslog, and break-glass workflows.
- Drive security requirements for manufacturing, supply chain, firmware/image signing, storage encryption, RMA, repair, and decommissioning processes.
- Build and drive validation for security-critical hardware and firmware behavior, including debug lockout, lifecycle transitions, update paths, attestation evidence, and recovery flows.
- Partner with vendors and contract manufacturers to turn security requirements into concrete deliverables, test evidence, and launch gates.
- Drive end-to-end closure across design, implementation, manufacturing readiness, deployment readiness, fleet operations, and incident response when security issues arise.
- Investigate hardware and firmware security issues, assess exploitability and operational risk, and drive durable fixes with engineering owners.
Requirements
- 7+ years of hands-on experience, or exceptional accomplishments demonstrating equivalent expertise, in hardware security, embedded security, firmware security, platform security, or low-level systems security.
- Experience shipping or securing real hardware platforms, embedded devices, servers, accelerators, networking systems, BMCs, bootloaders, BIOS/UEFI, RTOS, kernels, or firmware update systems.
- Deep familiarity with secure boot, measured boot, TPMs, hardware roots of trust, device attestation, key provisioning, debug interfaces, firmware signing, recovery, or lifecycle-state design.
- Strong applied-cryptography judgment for secure boot, attestation, TLS/mTLS, key storage, certificate lifecycle, storage encryption, and long-range transitions such as post-quantum readiness.
- Ability to read and write systems code in C, C++, or Rust and to use that skill to review, prototype, test, or debug security-critical behavior.
- Comfort with hardware-software interfaces such as SPI, I2C, SMBus, PCIe, UART, JTAG, SWD, GPIOs, TPMs, and board-level debug tools.
- Proven track record driving security improvements with hardware, firmware, infrastructure, manufacturing, operations, and partner teams.
- Experience owning broad, ambiguous security programs end to end, including translating risk into technical requirements, validation plans, and accountable engineering decisions.
- Clear written and verbal communication, with the ability to turn ambiguous security risks into actionable requirements, design reviews, tests, and decisions.
Benefits
- Base pay range: $266,000 - $445,000 (role offers equity in addition to base pay).
- Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts.
- Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit).
- 401(k) retirement plan with employer match.
- Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks).
- Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees.
- 13+ paid company holidays and coordinated company office closures, plus paid sick or safe time as required by law.
- Mental health and wellness support.
- Employer-paid basic life and disability coverage.
- Annual learning and development stipend.
- Daily meals in offices and meal delivery credits as eligible.
- Relocation support for eligible employees.
- Additional taxable fringe benefits such as charitable donation matching and wellness stipends.
About OpenAI
OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. We are an equal opportunity employer and provide reasonable accommodations to applicants with disabilities.