Security Engineer, Application Security

OpenAI · Remote (San Francisco)
Software Development

WFA Digital Insight

As demand for cybersecurity specialists continues to surge, with a 25% growth in the last year, companies like OpenAI are at the forefront of innovation. With the rise of AI, security is more crucial than ever. OpenAI's commitment to safety and human-centric AI makes this role particularly interesting. To succeed, candidates will need a deep understanding of security technologies and best practices, as well as excellent communication skills. Before applying, candidates should be prepared to demonstrate their expertise in application security and their ability to collaborate with development teams.

Job Description

About the Role

The Security Engineer, Application Security, plays a critical role in ensuring the security and integrity of OpenAI's applications and software. This involves identifying and mitigating security vulnerabilities through various means, including building security tools, conducting code reviews, and performing penetration testing. As part of the Security team, this role is integral to supporting all products and research at OpenAI, aligning with the company's mission to benefit humanity through artificial general intelligence.

The Security team at OpenAI operates under several key tenets: prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture. This role will work closely with development teams to integrate secure coding practices throughout the software development lifecycle, preventing security risks before they emerge. Additionally, the Security Engineer will provide security guidance to developers and other stakeholders, fostering a culture of security awareness within the organization.

OpenAI's approach to security is both technical and operational, reflecting the company's commitment to creating and deploying AI systems safely. The ideal candidate will share this vision and have a deep understanding of security technologies, tools, and best practices, including experience with secure coding practices, threat modeling, risk assessments, and incident response.

What You Will Do

  • Perform regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.
  • Design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats.
  • Collaborate with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC), including secure coding guidelines.
  • Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies.
  • Track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts.
  • Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents.
  • Stay updated on the latest security threats, vulnerabilities, and technologies to enhance security measures in applications.
  • Develop and maintain comprehensive documentation of security procedures and guidelines.
  • Participate in the development of the company's overall security strategy and roadmap.
  • Engage with external security communities and partners to stay informed about emerging security trends and best practices.

What We Are Looking For

  • Extensive experience in information security, cybersecurity, or a related field, with a significant portion of that experience in leadership or management roles.
  • Deep understanding of security technologies, tools, and best practices, including experience with secure coding practices, threat modeling, risk assessments, and incident response.
  • Experience in application security, software development, or related areas with a strong understanding of secure coding practices and application security frameworks.
  • Proficiency in programming languages (such as Python, Java, C++, etc.), knowledge of security tools (e.g., Burp Suite, OWASP ZAP), and familiarity with security protocols and encryption methods.
  • Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences.
  • Experience working in a fast-paced, dynamic environment with the ability to adapt quickly to changing priorities and threats.
  • A bachelor's degree in Computer Science, Information Assurance, or a related field, or equivalent experience.

Nice to Have

  • Experience with cloud security platforms (AWS, Azure, Google Cloud) and containerization technologies (Docker, Kubernetes).
  • Knowledge of compliance frameworks and regulations (e.g., PCI-DSS, HIPAA, GDPR).
  • Experience with security orchestration, automation, and response (SOAR) tools.
  • Certification in security disciplines, such as CISSP, CEH, or OSCP.

Benefits and Perks

  • Competitive salary and equity package.
  • Comprehensive health insurance, including medical, dental, and vision.
  • Generous paid time off (PTO) policy.
  • Flexible working hours and remote work options.
  • Professional development opportunities, including conferences, training, and workshops.
  • Access to cutting-edge technologies and tools.
  • Collaboration with a talented team of engineers and researchers.
  • Relocation assistance for eligible candidates.
  • A dynamic and supportive work environment that values diversity and inclusion.

How to Stand Out

  • Develop a strong portfolio: Showcase your experience with security tools, frameworks, and methodologies to demonstrate your expertise to potential employers.
  • Stay updated on security trends: Continuously educate yourself on the latest security threats, vulnerabilities, and technologies to stay ahead in the field.
  • Highlight soft skills: In addition to technical skills, emphasize your ability to communicate complex security issues to non-technical audiences and collaborate with development teams.
  • Prepare for technical interviews: Review common security interview questions and practice your responses to demonstrate your knowledge and problem-solving skills.
  • Network with professionals: Engage with external security communities and attend industry events to expand your network and learn about new opportunities.
  • Customize your application: Tailor your resume and cover letter to each job application, highlighting the skills and experiences that align with the job description.
  • Be ready to discuss security culture: Show your understanding of the importance of security culture within an organization and how you can contribute to fostering it.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.