Key skills
Offensive security operationsPenetration testingVulnerability assessmentCloud security (Azure)Kubernetes expertiseCI/CD pipelinesPython programmingCode reviewPythonAIArtificial IntelligenceOpenAIAgenticReactAzureKubernetesGitHubCI/CDPenetration Testing
About this role
OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. They are seeking a Principal-level Offensive Security Engineer to enhance OpenAI's security posture by engaging in attack simulations, collaborating with defensive teams, and driving the resolution of vulnerabilities in their products.
Responsibilities:
- Continuously hunt for vulnerabilities in the interactions between the applications, infrastructure, and models that power our agentic products
- Conduct open-scope red and purple team operations, simulating realistic attack scenarios
- Collaborate proactively with defensive security teams to enhance detection, response, and mitigation capabilities
- Perform comprehensive penetration testing on our diverse suite of products
- Leverage advanced automation and OpenAI technologies to optimize your offensive security work
- Present insightful, actionable findings clearly and compellingly to inspire impactful change
- Influence security strategy by providing attacker-driven insights into risk and threat modeling
Requirements:
- 7+ years of hands-on red team experience or exceptional accomplishments demonstrating equivalent expertise
- Deep expertise conducting offensive security operations within modern technology companies
- Experience designing, developing, or testing assessing the security of AI-powered systems
- Experience working finding, exploiting and mitigating common vulnerabilities in AI systems like prompt injection, leaking sensitive data, confused deputies, and dynamically generated UI components
- Exceptional skill in code review, identifying novel and subtle vulnerabilities
- Proven experience performing offensive security assessments in at least one hyperscaler cloud environment (Azure preferred)
- Demonstrated mastery assessing complex technology stacks, including: Highly customized Kubernetes clusters, Container environments, CI/CD pipelines, GitHub security, macOS and Linux operating systems, Data science tooling and environments, Python-based web services, React-based frontend applications
- Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts
- Excellent coding skills, capable of writing robust tools and automation for offensive operations
- Ability to communicate complex technical concepts effectively through compelling storytelling
- Proven track record of not just finding vulnerabilities but actively contributing to solutions in complex codebases
- Background or expertise in AI or data science
- Prior experience working in tech startups or fast-paced technology environments
- Experience in related disciplines such as Software Engineering (SWE), Detection Engineering, Site Reliability Engineering (SRE), Security Engineering, or IT Infrastructure