Role Overview

OpenAI is revolutionizing the world with artificial general intelligence (AGI) designed to benefit humanity. At the core of this mission is our Security team, which ensures our technology, people, and products remain secure against evolving threats. As a Security Engineer specializing in Application Security, you'll be at the forefront of identifying and mitigating vulnerabilities in our cutting-edge software applications.

This role demands a technical powerhouse who thrives in building security tools, conducting penetration tests, and embedding secure coding practices into the software development lifecycle (SDLC). You'll collaborate with top-tier development teams in San Francisco, Seattle, or New York City (hybrid model: 3 days/week in office), fostering a culture of security awareness. Remote candidates may be considered for exceptional talent.

With security as the foundation of OpenAI's mission, you'll prioritize impact, enable researchers, prepare for transformative tech, and cultivate robust security practices. If you have deep expertise in app sec, threat modeling, and tools like Burp Suite, this is your chance to shape the secure future of AI.

Key highlights: Senior-level position | $180K-$280K+ equity | Relocation assistance | Hybrid in SF/Seattle/NYC.

Key Responsibilities

As a Security Engineer, Application Security at OpenAI, your impact will be immediate and profound. Here's what you'll tackle daily:

• Perform Comprehensive Security Assessments: Lead code reviews, penetration testing, and vulnerability scans to uncover weaknesses in web, mobile, and AI-driven applications before deployment.
• Develop Cutting-Edge Security Tools: Architect and code custom tools, automation scripts, and frameworks using Python, Java, or C++ to scale security testing across OpenAI's ecosystem.
• Collaborate Across Teams: Partner with engineers to weave security into every SDLC phase, from design to CI/CD pipelines, enforcing OWASP Top 10 compliance.
• Master Threat Modeling: Facilitate sessions to map attack surfaces, predict adversary behaviors, and craft proactive mitigation strategies for AI models and APIs.
• Drive Vulnerability Management: Triage, prioritize, and track fixes using tools like Jira, ensuring SLAs are met and risks are minimized.
• Support Incident Response: Dive into app-sec incidents, perform root-cause analysis, and enhance detection with SIEM integrations.
• Innovate with Emerging Threats: Monitor CVEs, zero-days, and AI-specific risks, adapting defenses for next-gen technologies.
• Mentor and Educate: Deliver training on secure coding, run red-team exercises, and evangelize security best practices organization-wide.
• Automate Security Pipelines: Integrate SAST/DAST/IAST into DevOps workflows for shift-left security.
• Conduct Risk Assessments: Quantify business risks from vulnerabilities and recommend controls aligned with frameworks like NIST or MITRE ATT&CK.
• Enhance Secure Architecture: Review designs for new features, ensuring encryption, auth, and access controls are bulletproof.
• Report and Metrics: Build dashboards tracking security posture, KPIs, and trends for leadership visibility.
• Research AI Sec Novelty: Explore unique threats like model poisoning or prompt injection, pioneering defenses.
• Compliance Alignment: Support audits for SOC 2, GDPR, ensuring app security meets global standards.

Expect a dynamic role where your work directly protects AGI from real-world adversaries.

Qualifications

To excel as OpenAI's Security Engineer, Application Security, bring these credentials:

• 7+ years in cybersecurity with 3+ years focused on application security leadership.
• Expertise in secure coding across Python, Java, C++, Node.js; battle-tested in production environments.
• Proficiency with Burp Suite Pro, OWASP ZAP, Snyk, Veracode for pentesting and scanning.
• Hands-on threat modeling using STRIDE, PASTA, or attack trees.
• Experience integrating security into Agile/DevOps pipelines (GitHub Actions, Jenkins).
• Strong incident response background, including forensics with tools like Wireshark.
• Deep knowledge of web/app protocols (OAuth, JWT, TLS 1.3, HTTP/3).
• Communication prowess: Translate vulns into executive reports and dev-friendly fixes.
• BS/MS in Computer Science, Cybersecurity, or equivalent; certs like OSCP, CSSLP a plus.
• Passion for AI security challenges like adversarial ML attacks.
• Team player who thrives in fast-paced, innovative settings.

Salary & Benefits

Salary Range: $180,000 - $280,000 USD base (yearly), plus significant equity, bonuses, and perks. Total comp can exceed $400K+ for top performers.

OpenAI's benefits package is industry-leading:

• Comprehensive medical, dental, vision with 100% premium coverage.
• 401(k) with 4%+ match and immediate vesting.
• Unlimited PTO + 20 weeks parental leave.
• Hybrid flexibility + full relocation (housing, moving costs).
• $10K+ annual L&D stipend (OSCP, conferences).
• Wellness: Gym, therapy, meditation apps.
• Onsite perks: Chef-prepared meals, unlimited snacks.
• Equity in OpenAI – own the mission.
• Volunteer PTO + donation matching.
• Cutting-edge hardware/software budget.

Why Join OpenAI?

OpenAI isn't just a job; it's a mission to ensure AGI benefits humanity. Our Security team operates at the intersection of cybersecurity and world-changing AI. Work with brilliant minds on unprecedented challenges like securing superintelligent systems.

SF-based with global impact, hybrid culture emphasizes collaboration and innovation. We've built ChatGPT, DALL-E – now protect the next frontier. Competitive comp, equity upside, and a culture prioritizing impact over bureaucracy.

Tenets: Prioritize impact, enable researchers, future-proof security, robust culture. Join pioneers defining AI safety.

How to Apply

Ready to secure AGI? Submit your resume, GitHub/portfolio, and a note on your favorite app-sec exploit mitigation. OpenAI hiring is rigorous but rewarding. We review applications weekly – apply today!

EEO: OpenAI is proud to be an equal opportunity employer.