OpenAI is pushing artificial intelligence to unprecedented scale. We have a large cloud footprint and run some of the biggest Kubernetes clusters in the world. As our scale has grown, so has the surface area we need to protect. While advanced AI can benefit the world, in the wrong hands, it can also be used maliciously.
Your job will be to protect our work from those who seek to misuse it.
As a Security Engineer, you will help scale the security program at OpenAI. Your technical expertise is second only to your integrity and passion for security and technology. You will work alongside a diverse team of engineers, developers, and security advisers to design, architect, and drive security improvements across OpenAI. We are a small company, and intend to stay small: as an early member of the information security team, the decisions you make today will have significant impact on the organization today and into the future.
We’re looking for an engineer who wishes to work on a mix of security, software, and infrastructure challenges while growing their skills in the detection and response space.
- Empower OpenAI's AI researchers and developers to do their best work securely.
- Contribute to the technical architecture and implementation of OpenAI’s detection and response pipelines.
- Build and deploy centralized logging and alerting infrastructure to proactively identify malicious threats.
- Develop, measure, and tune detection rules to ensure effective and sustainable incident response.
- Design, architect, and implement defensive security controls across endpoints (macOS, Windows), servers (Linux), and SaaS/self-hosted applications.
- Collaborate with your fellow security engineers to drive improvements across identity access and management (IAM), device management, productivity software, and our use of public cloud environments (e.g. AWS, Microsoft Azure).
You may be a fit for this role if you have:
- 3+ years of experience in security or a security-adjacent field, with an interest in becoming adept at detection and response.
- Experience working with security logging pipelines (e.g. Splunk, ELK, SumoLogic).
- Experience deploying and managing endpoint security solutions (e.g. osquery, EDR tools).
- Experience with public cloud providers (e.g. Amazon AWS, Microsoft Azure) and a desire to become adept at protecting Azure and our internal application infrastructure.
- Knowledge of modern adversary tactics, techniques, and procedures.
- Ability to empathize and collaborate with colleagues, independently manage and run projects, and prioritize efforts for risk reduction.
- Intermediate or better proficiency with a scripting language (e.g. Python, Bash, PowerShell, or similar)
- Health, dental, and vision insurance for you and your family
- Unlimited time off (we encourage 4+ weeks per year)
- Parental leave
- Flexible work hours
- Lunch and dinner each day
- 401(k) plan with matching