← Back to list
Job

Security Engineer, Detection and Response

Security Engineer • Remote • Full-time • 📍 Sydney

As a Detection & Response Security Engineer, you'll help protect OpenAI's most sensitive assets by building and operating the systems used to detect suspicious activity and respond effectively. You'll work across endpoints, identity, cloud, hyperscale compute infrastructure, and datacenter-adjacent layers, partnering closely with security and infrastructure teams.

Responsibilities

  • Build and evolve Detection & Response capabilities across OpenAI's infrastructure, products, and research environments, emphasizing high-signal detection and reliable operational response
  • Engineer detection pipelines and tooling: rule lifecycle management, measurement/quality loops (coverage, precision, latency), tuning processes, and safe rollout patterns
  • Automate response and investigations: build workflows that reduce toil (triage, enrichment, containment, evidence capture) and improve time-to-understand/time-to-contain
  • Partner with other Security teams and system/infrastructure owners to ensure new systems ship with the right telemetry, threat models, and response playbooks from day one
  • Define D&R requirements and drive visibility across endpoints, identity, SaaS, cloud, and Kubernetes: identify telemetry/control gaps, prioritize them, and advocate for fixes
  • Evaluate and respond to emergent security concerns in a frontier AI lab environment, such as detection and response strategies for agents operating across infrastructure at scale

Requirements

  • Hands-on threat detection and/or incident response experience, including building detections, running investigations, and improving operational playbooks
  • Understanding of modern adversary tradecraft (TTPs) and the ability to translate it into practical detection strategies and response actions
  • A threat modeling mindset: evaluating new infrastructure or features, identifying D&R implications, and turning them into concrete requirements for teams shipping the system
  • Experience working in Kubernetes/containerized environments, including building detections from cluster telemetry and understanding common failure and attack modes
  • Comfort reasoning about lower-level infrastructure and datacenter risks, such as firmware/BMC surfaces and network segmentation/telemetry
  • Experience across major cloud platforms (Azure, AWS, GCP, OCI), able to design cloud-agnostic detection approaches
  • Building automation that replaces repetitive D&R work, including thoughtful use of agent-style workflows, while keeping outcomes measurable, auditable, and safe
  • Clear communication and collaboration across teams, translating D&R needs into clear requirements
  • Comfort with scripting and using AI/agent tooling to accelerate investigations and automation

Soft skills

Communication and stakeholder managementCuriosity about new problem areasThreat modeling mindsetCollaboration with technical and non-technical partners

About the company

OpenAI's Security team protects the company's most sensitive assets — including intellectual property, customer data, and the infrastructure that supports them — technical in what they build, operational in how they work, supporting every product and research effort.

Similar jobs