Enterprise Security Engineer

About the Role

The IT team at OpenAI is a small and nimble group, well-supported and well-resourced, with a mandate to deliver a world-class enterprise security program. As an Enterprise Security Engineer, you will be responsible for implementing and managing the security of OpenAI's internal systems and processes, working closely with the IT and Security teams to develop security capabilities, enforce security policies, and monitor internal systems for security threats.

What You Will Do

• Develop and implement security measures to protect the company's information assets against unauthorized access, disclosure, or misuse.
• Monitor internal and external systems for security threats and respond to alerts.
• Contribute to and enforce the company's IT and Security policies and procedures.
• Work closely with the IT department to harden the infrastructure using best practices in AzureAD, GSuite, Github, and other SaaS tooling.
• Advise employees on best practices for maintaining the security of their endpoints, and office AV and network infrastructure.
• Devise novel sharing controls and associated monitoring to protect company data, including intelligent groups management, Data Loss Prevention (DLP), and other security controls as appropriate.
• Employ forward-thinking models like 'secure by default' and 'zero trust' to create sustainably secure environments for knowledge workers and developers.
• Identify and remediate vulnerabilities in internal systems, adhering to best practices for data security.
• Use AI-driven models to develop systems for improved security detection and response, data classification, and other security-related tasks.
• Educate employees on the importance of data security and advise them on best practices for maintaining a secure environment.
• Contribute to OpenAI's endpoint and cloud security roadmaps by staying up-to-date with the latest security threats and making recommendations for improving the security posture.

What We Are Looking For

• Experience in protecting and managing macOS fleets.
• Experience deploying and managing endpoint security solutions (e.g., management frameworks, EDR tools).
• Experience with public cloud service providers (e.g., Amazon AWS, Microsoft Azure).
• Experience with identity and access management frameworks and protocols, including SAML, OAUTH, and SCIM.
• Experience with e-mail security protocols (e.g., SPF, DKIM, DMARC) and controls.
• Intermediate or advanced proficiency with a scripting language (e.g., Python, Bash, or similar).
• Knowledge of modern adversary tactics, techniques, and procedures.
• Ability to empathize and collaborate with colleagues, independently manage and run projects, and prioritize efforts for risk reduction.
• Strong understanding of security principles, including secure design, secure coding practices, and security testing.
• Experience with IT service management frameworks (e.g., ITIL).

Nice to Have

• Familiarity with AI and machine learning concepts and their application in security.
• Experience with security orchestration, automation, and response (SOAR) solutions.
• Knowledge of cloud security architecture and design patterns.
• Experience with compliance frameworks (e.g., HIPAA, PCI-DSS, GDPR).

Benefits and Perks

• Competitive salary and equity package.
• Comprehensive health, dental, and vision insurance.
• Generous PTO policy and paid holidays.
• Remote work stipend and support for home office setup.
• Professional development opportunities, including training and conference sponsorships.
• Access to the latest security tools and technologies.
• Collaboration with a talented team of security professionals.
• Opportunity to work on cutting-edge AI and security projects.
• Flexible working hours and a healthy work-life balance.

• Tip: Make sure your resume and cover letter are tailored to the specific requirements of the Enterprise Security Engineer role, highlighting your experience with security measures, threat monitoring, and compliance.
• To stand out, prepare examples of your previous work in security, such as implementing security protocols or responding to security incidents.
• Familiarize yourself with OpenAI's products and mission to demonstrate your passion for AI and security.
• Be prepared to discuss your experience with scripting languages, such as Python or Bash, and how you have applied them in a security context.
• When negotiating salary, consider the cost of living in your area and the industry standard for cybersecurity professionals.
• Look for red flags such as lack of transparency about the company's security practices or unrealistic expectations for the role.
• Be prepared to ask questions during the interview, such as what a typical day looks like in the role or how the company approaches security training and professional development.