Security Engineer - Offensive Security Team - Remote

Overview

We're seeking an exceptional Security Engineer on the Offensive Security team to challenge and strengthen OpenAI's security posture.

In Short

• Conduct open-scope red and purple team operations, simulating realistic attack scenarios.
• Collaborate proactively with defensive security teams to enhance detection, response, and mitigation capabilities.
• Perform comprehensive penetration testing on our diverse suite of products.
• Leverage advanced automation and OpenAI technologies to optimize your offensive security work.
• Present insightful, actionable findings clearly and compellingly to inspire impactful change.
• Influence security strategy by providing attacker-driven insights into risk and threat modeling.

Requirements

• 7+ years of hands-on red team experience or exceptional accomplishments demonstrating equivalent expertise.
• Deep expertise conducting offensive security operations within modern technology companies.
• Proven experience performing offensive security assessments in at least one hyperscaler cloud environment (Azure preferred).
• Demonstrated mastery assessing complex technology stacks, including Kubernetes clusters, container environments, CI/CD pipelines, GitHub security, macOS and Linux operating systems, data science tooling, Python-based web services, and React-based frontend applications.
• Exceptional skill in code review, identifying novel and subtle vulnerabilities.
• Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts.
• Excellent coding skills, capable of writing robust tools and automation for offensive operations.
• Ability to communicate complex technical concepts effectively through compelling storytelling.
• Proven track record of not just finding vulnerabilities but actively contributing to solutions in complex codebases.

Benefits

• Opportunity to work remotely or receive relocation assistance.
• Engage in innovative attack simulations.
• Collaborate closely with defensive teams.
• Drive resolution of vulnerabilities.
• Shape security strategy with unique attacker perspective.