Senior Security Engineer
OpenAI is pushing artificial intelligence to unprecedented scale. We have a large cloud footprint and run some of the biggest Kubernetes clusters in the world. As our scale has grown, so has the surface area we need to protect. While advanced AI can benefit the world, in the wrong hands, it can also be used maliciously.
Your job will be to protect our work from those who seek to misuse it.
As an experienced Security Engineer, you will help jump-start the security program at OpenAI. Your technical expertise is second only to your integrity and passion for security and technology. You will work alongside a diverse team of engineers, developers, and security advisers to design, architecture, and drive security posture changes for OpenAI. We are a small company and we want to stay small: as an early member of the information security team, the decisions you make today will have a large impact on the company today and into the future.
We’re looking for someone with a broad knowledge of both security and systems. This is a senior role, and we’re looking for someone who has experience with a wide variety of real-world issues.
- Develop our information security roadmap with OpenAI’s researchers, developers, and IT team.
- Develop and implement a broad security awareness program for employees to mitigate phishing risks and increase reporting of anomalous activity.
- Design, architect, and implement defensive security controls across endpoints (MacOS, Windows), servers (Linux), and SAAS/self-hosted applications.
- Develop and deploy centralized logging and alerting infrastructure to proactively identify malicious threats.
- Collaborate with engineering teams to improve security for identity access and management (IAM), device management, and public cloud service providers (e.g. Amazon AWS, Microsoft Azure).
- Design, architect, and implement defensive security controls for e-mail (SPF, DKIM, DMARC, attachment sandboxing, etc.) and other collaboration applications.
You may be a fit for this role if you have:
- 3+ years of direct information security experience with deep exposure in protecting one or more operating system platforms (Windows or MacOS) and a willingness to become an expert in protecting MacOS.
- Experience with public cloud service providers (e.g. Amazon AWS, Microsoft Azure) and a willingness to become an expert in protecting Azure and our internal application infrastructure.
- Strong knowledge of modern adversary tactics, techniques, and procedures.
- Ability to empathize and collaborate with colleagues, independently manage and run projects, and ruthlessly prioritize efforts for risk reduction.
- Intermediate or better proficiency with a scripting language (e.g. PowerShell, Bash, Python, or similar).
- Experience building and maintaining enterprise logging pipelines (e.g. Splunk, Kibana, SumoLogic).
We’re building safe Artificial General Intelligence (AGI), and ensuring it leads to a good outcome for humans. We believe that unreasonably great results are best delivered by a highly creative group working in concert. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
This position is subject to a background check for any convictions directly related to its duties and responsibilities. Only job-related convictions will be considered and will not automatically disqualify the candidate. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Health, dental, and vision insurance for you and your family
Unlimited time off (we encourage 4+ weeks per year)
Flexible work hours
Lunch and dinner each day