← Back to list
Job

Offensive Security Engineer, Agent Products

Security Engineer • Remote • Full-time • 📍 Remote - US

OpenAI is looking for a Principal-level Offensive Security Engineer to run deep, hands-on penetration tests of its agent-powered products (like Codex and Operator), infrastructure, and model-integrated surfaces.

Responsibilities

  • Conduct deep penetration tests of web applications, APIs, cloud services, identity/authorization flows, and CI/CD systems
  • Continuously hunt for exploitable vulnerabilities in the interactions between applications, infrastructure, tools, and models
  • Perform code review, architecture review, and hands-on exploitation to validate risk
  • Produce clear, actionable findings with reproduction steps, impact assessment, and remediation guidance
  • Partner with engineering teams to drive fixes and improve secure design patterns
  • Build tools, test harnesses, and automation to scale penetration testing
  • Share attacker-informed insights to improve threat models and defensive coverage

Requirements

  • 7+ years of hands-on penetration testing or offensive security experience
  • Deep expertise finding, exploiting, and helping remediate vulnerabilities in complex production systems
  • Experience assessing modern technology products: web apps, APIs, cloud infrastructure, identity systems, and CI/CD pipelines
  • Experience designing or assessing the security of AI-powered systems
  • Experience with vulnerabilities specific to AI systems, including prompt injection, confused deputies, and unsafe tool use
  • Exceptional code review skills to identify novel and subtle vulnerabilities
  • Offensive security assessment experience in at least one hyperscaler cloud (Azure preferred)
  • Mastery across complex stacks: Kubernetes, containers, CI/CD pipelines, GitHub, macOS/Linux, Python backends, React frontends

Nice to have

  • Background or expertise in AI or data science
  • Experience in tech startups or fast-paced technology environments
  • Experience in related disciplines: software engineering, application security, detection engineering, SRE, IT infrastructure

Soft skills

Strong intuitive understanding of trust boundaries and risk assessment in dynamic contextsCommunicates complex technical concepts clearly through reports and compelling storytellingGoes beyond finding vulnerabilities to actively driving solutions in complex codebases

About the company

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity.

Similar jobs