Role Overview

OpenAI is revolutionizing the world with artificial general intelligence (AGI), and security is the bedrock of our mission to benefit all humanity. As a Security Engineer specializing in Application Security, you'll safeguard our cutting-edge technology, products, and research from evolving threats. Based in the heart of New York City—or with hybrid options in San Francisco or Seattle—this role demands technical prowess in building security tools, conducting penetration tests, and embedding secure practices into every line of code.

Our Security team operates with a unique blend of technical innovation and operational excellence. We prioritize high-impact work, empower researchers, prepare for transformative tech, and cultivate a robust security culture. You'll collaborate with world-class developers to prevent vulnerabilities before they arise, ensuring OpenAI's applications are fortress-like against attacks. With relocation support and a hybrid model (3 days in-office), this is your chance to work at the intersection of AI and cybersecurity.

Key focus areas include vulnerability assessments, threat modeling, and incident response. If you thrive on dissecting complex systems, scripting custom tools in Python or Java, and wielding tools like Burp Suite, this senior-level role at OpenAI is calling your name. Experience secure coding in modern web apps? You'll integrate security seamlessly into the SDLC, fostering awareness across teams.

Key Responsibilities

As a Security Engineer, Application Security, your impact will be immediate and profound. Here's what you'll tackle daily:

• Perform comprehensive security assessments, including code reviews, penetration testing, and vulnerability scans to uncover hidden weaknesses in OpenAI's applications.
• Design and develop bespoke security tools, frameworks, and automation scripts to fortify applications against sophisticated threats like injection attacks, XSS, and API exploits.
• Partner closely with engineering teams to weave security best practices into the entire software development lifecycle (SDLC), from design to deployment.
• Lead threat modeling workshops, identifying risks through STRIDE or PASTA methodologies and crafting proactive mitigation strategies.
• Oversee vulnerability management: triage findings from SAST/DAST tools, prioritize based on CVSS scores, and guide remediation with clear playbooks.
• Support incident response for app-sec incidents, from root cause analysis using tools like Wireshark to post-mortem documentation and prevention measures.
• Monitor emerging threats via sources like CVE databases, OWASP Top 10 updates, and contribute to internal security intelligence.
• Deliver security training sessions, code clinics, and architecture reviews to elevate developer skills and organizational hygiene.
• Implement secure coding standards, enforce encryption (TLS 1.3, AES-256), and audit third-party dependencies with tools like Snyk or Dependabot.
• Build CI/CD security gates, automating scans with GitHub Actions or Jenkins to catch issues early.
• Conduct red team exercises simulating real-world attacks on production-like environments.
• Collaborate on security architecture for AI/ML models, addressing unique risks like model poisoning or data leakage.
• Maintain detailed reports on security posture, metrics, and trends for leadership briefings.

These responsibilities ensure OpenAI stays ahead of adversaries in the high-stakes world of AGI development.

Qualifications

To excel, you'll bring senior-level expertise. Ideal candidates have:

• 5+ years in infosec/cybersecurity, with 2+ years leading app-sec initiatives.
• Deep expertise in app-sec frameworks (OWASP, NIST, MITRE ATT&CK).
• Proficiency in Python, Java, C++, Go for tool development and scripting.
• Hands-on mastery of Burp Suite Pro, OWASP ZAP, Metasploit, Nmap.
• Proven track record in threat modeling, secure SDLC, and zero-trust architectures.
• Experience with cloud sec (AWS, GCP) and container security (Docker, Kubernetes).
• Strong communicator who demystifies risks for devs, PMs, and execs.
• Familiarity with AI/ML security challenges like adversarial attacks.
• Certifications like OSCP, CSSLP, or GIAC GWEB a plus.

If this sounds like you, you're primed to thrive at OpenAI.

Salary & Benefits

Compensation reflects your expertise: estimated $185,000–$265,000 USD base, plus equity, bonuses, and perks. Benefits include top-tier health coverage, 401(k) match, unlimited PTO, hybrid flexibility, relocation aid, meals, wellness stipends, parental leave, and more. OpenAI invests in your growth with learning budgets and conference access.

Why Join OpenAI?

OpenAI isn't just a job—it's a mission. Work with pioneers shaping AGI for humanity's benefit. Our NYC office buzzes with innovation, offering unparalleled scale and impact. Enjoy a culture of trust, autonomy, and bold ideas. Security here means protecting the future. With rapid growth, your career will accelerate amid the best talent in tech.

Perks like complimentary meals, gym reimbursements, and volunteer matching amplify work-life balance. Join a team that's operational yet visionary, enabling breakthroughs while staying secure.

How to Apply

Ready to secure AGI's promise? Submit your resume, GitHub/portfolio, and a note on your favorite app-sec win. We review applications continuously—apply now via our careers portal. OpenAI is an equal opportunity employer; we value diversity.

Keywords: Security Engineer Application Security OpenAI New York, AppSec jobs NYC, Penetration Testing careers AI.