Senior Security Engineer, Detection & Response
San Francisco /
OpenAI is pushing artificial intelligence to an unprecedented scale. We have a large cloud footprint and run some of the biggest Kubernetes clusters in the world. As our scale has grown, so has the surface area we need to protect. While advanced AI can benefit the world, in the wrong hands, it can be used maliciously. Your job will be to protect our work from those who seek to misuse it.
As an experienced Security Engineer, you will help jump-start the security program at OpenAI. Your technical expertise is second only to your integrity and passion for security and technology. You will work alongside a diverse team of engineers, developers, and security advisers to design, architect, and drive security posture changes for OpenAI. We are a small company and we want to stay small: as an early member of the information security team, the decisions you make today will have a large impact on the company today and into the future.
We’re looking for someone with a broad knowledge of both security and systems. This is a senior role, and we’re looking for someone who has experience with a wide variety of real-world issues.
- Influence the technical roadmap for OpenAI’s detection and response capabilities while collectively owning implementation with your fellow security engineers.
- Develop our information security roadmap in collaboration with OpenAI’s researchers, developers, and IT team.
- Design, architect, and implement defensive security controls across endpoints (macOS, Windows), servers (Linux), and SaaS/self-hosted applications.
- Develop and deploy centralized logging and alerting infrastructure to proactively identify malicious threats.
- Collaborate with engineering teams to improve security for identity access and management (IAM), device management, productivity software, and public cloud service providers (e.g. Amazon AWS, Microsoft Azure).
We're seeking a mixture of the following experience:
- 3+ years of direct information security experience with deep involvement in protecting one or more operating system platforms (Windows or macOS) and a willingness to become an expert in protecting MacOS.
- Experience implementing and maintaining enterprise logging pipelines (e.g. Splunk, Kibana, SumoLogic).
- Experience deploying and managing endpoint security solutions (e.g. osquery, EDR tools).
- Experience with public cloud service providers (e.g. Amazon AWS, Microsoft Azure) and a willingness to become an expert in protecting Azure and our internal application infrastructure.
- Strong knowledge of modern adversary tactics, techniques, and procedures.
- Ability to empathize and collaborate with colleagues, independently manage and run projects, and ruthlessly prioritize efforts for risk reduction.
- Intermediate or better proficiency with a scripting language (e.g. Python, PowerShell, Bash, or similar).
We’re building safe Artificial General Intelligence (AGI), and ensuring it leads to a good outcome for humans. We believe that unreasonably great results are best delivered by a highly creative group working in concert. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
This position is subject to a background check for any convictions directly related to its duties and responsibilities. Only job-related convictions will be considered and will not automatically disqualify the candidate. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
- Health, dental, and vision insurance for you and your family
- Unlimited time off (we encourage 4+ weeks per year)
- Parental leave
- Flexible work hours
- Lunch and dinner each day
- 401(k) plan