[Remote] Offensive Security Engineer, Agent Products

Note: The job is a remote job and is open to candidates in USA. OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. They are seeking a Principal-level Offensive Security Engineer to conduct deep penetration testing of their agent-powered products and infrastructure, identify vulnerabilities, and collaborate with engineering teams to implement security improvements.

Responsibilities

• Conduct deep penetration tests of OpenAI’s agent-powered products, including web applications, APIs, cloud services, identity and authorization flows, CI/CD systems, and model-integrated product surfaces
• Continuously hunt for exploitable vulnerabilities in the interactions between the applications, infrastructure, tools, and models that power our agentic products
• Perform code review, architecture review, and hands-on exploitation to validate risk and identify subtle or novel failure modes
• Produce clear, actionable findings with reproduction steps, exploitability analysis, impact assessment, and practical remediation guidance
• Partner directly with engineering teams to drive fixes, validate remediation, and improve secure design patterns across agentic products
• Build tools, test harnesses, and automation to scale penetration testing across rapidly evolving product surfaces
• Leverage advanced automation and OpenAI technologies to optimize your offensive security work
• Share attacker-informed insights with security and engineering teams to improve threat models, mitigations, and defensive coverage

Skills

• 7+ years of hands-on penetration testing, product security assessment, application security, cloud security assessment, or equivalent offensive security experience
• Deep expertise finding, exploiting, documenting, and helping remediate vulnerabilities in complex production systems
• Experience performing offensive security assessments of modern technology products, including web applications, APIs, cloud infrastructure, identity systems, CI/CD pipelines, and distributed services
• Experience designing, developing, or assessing the security of AI-powered systems
• Experience finding, exploiting, and mitigating common vulnerabilities in AI systems, including prompt injection, confused deputies, unsafe tool use, and dynamically generated UI components
• Exceptional skill in code review to identify novel and subtle vulnerabilities
• Proven experience performing offensive security assessments in at least one hyperscaler cloud environment. Azure experience is preferred
• Demonstrated mastery assessing complex technology stacks, including: Highly customized Kubernetes clusters, Container environments, CI/CD pipelines, GitHub security, macOS and Linux operating systems, Data science tooling and environments, Python-based web services, React-based frontend applications
• Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts
• Excellent coding skills, capable of writing robust tools and automation for offensive security testing
• Ability to communicate complex technical concepts effectively through clear reports, practical remediation guidance, and compelling technical storytelling
• Proven track record of not just finding vulnerabilities, but actively contributing to solutions in complex codebases
• Background or expertise in AI or data science
• Prior experience working in tech startups or fast-paced technology environments
• Experience in related disciplines such as Software Engineering, Product Security, Application Security, Detection Engineering, Site Reliability Engineering, Security Engineering, or IT Infrastructure

Company Overview

Company H1B Sponsorship