Security Engineer, Application Security

OpenaiOpenai·Remote(New York City)
Software Development

WFA Digital Insight

As the demand for cybersecurity specialists continues to grow, with a reported 25% increase in 2025, roles like this Security Engineer position at Openai are becoming increasingly crucial. This is not just about securing systems, but about ensuring the safety of AI technologies that are transforming industries. With the rise of remote work, digital skills are more in demand than ever, and companies are looking for professionals who can safeguard their digital assets. Openai, a leader in AI research and deployment, is no exception, and this role offers a unique chance to work with a team that prioritizes impact and enables researchers. Before applying, candidates should understand the importance of balancing technical expertise with operational acumen and the ability to communicate complex security issues to both technical and non-technical stakeholders.

Job Description

About the Role

The Security Engineer, Application Security, plays a pivotal role in Openai's mission to ensure that artificial general intelligence benefits all of humanity. This role is about more than just identifying vulnerabilities; it's about building a robust security culture that proactively mitigates risks. The Security team at Openai is committed to supporting all products and research, and this position is key to achieving that goal. Day-to-day, the Security Engineer will work closely with development teams to integrate secure coding practices throughout the software development lifecycle, preventing security risks before they emerge.

As part of the Security team, the successful candidate will be part of a group that prioritizes impact, enables researchers, prepares for future transformative technologies, and engages a robust security culture. This is a team that values technical expertise but also understands the importance of operational acumen and communication. The role is preferred to be based in New York City but may consider remote work, offering a hybrid work model that includes relocation assistance for those who need it.

What You Will Do

  • Conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.
  • Design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats.
  • Collaborate with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC), including secure coding guidelines.
  • Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies.
  • Track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts.
  • Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents.
  • Stay updated on the latest security threats, vulnerabilities, and technologies to enhance security measures in applications.
  • Participate in the development of security policies and procedures.
  • Provide security guidance to developers and other stakeholders, fostering a culture of security awareness within the organization.
  • Engage with external security communities and partners to stay informed about emerging security trends and best practices.

What We Are Looking For

  • Extensive experience in information security, cybersecurity, or a related field, with a significant portion of that experience in leadership or management roles.
  • Deep understanding of security technologies, tools, and best practices, including experience with secure coding practices, threat modeling, risk assessments, and incident response.
  • Experience in application security, software development, or related areas with a strong understanding of secure coding practices and application security frameworks.
  • Proficiency in programming languages (such as Python, Java, C++, etc.), knowledge of security tools (e.g., Burp Suite, OWASP ZAP), and familiarity with security protocols and encryption methods.
  • Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences.
  • Experience with cloud security platforms and technologies.
  • Understanding of compliance and regulatory requirements.
  • Ability to work in a fast-paced environment and prioritize tasks effectively.

Nice to Have

  • Experience with AI and machine learning security.
  • Knowledge of containers and container orchestration (e.g., Docker, Kubernetes).
  • Familiarity with DevOps practices and tools (e.g., Jenkins, GitLab CI/CD).
  • Certification in security (e.g., CISSP, CEH).
  • Experience with bug bounty programs and vulnerability disclosure.

Benefits and Perks

  • Competitive compensation package.
  • Equity in a leading AI research and deployment company.
  • Comprehensive health, dental, and vision insurance.
  • Flexible PTO and holidays, recognizing the importance of work-life balance.
  • Remote work stipend to support your home office setup.
  • Professional development opportunities, including conferences, training, and workshops.
  • Access to cutting-edge technologies and tools.
  • Collaborative and dynamic work environment with a team of experts in their fields.

How to Stand Out

  • Be prepared to demonstrate your proficiency in programming languages and familiarity with security tools during the interview process.
  • Highlight any experience you have with cloud security platforms and technologies, as well as compliance and regulatory requirements.
  • Showcase your ability to communicate complex security issues to non-technical stakeholders through clear, concise explanations.
  • Emphasize your understanding of the importance of balancing technical expertise with operational acumen.
  • Consider including examples of your experience with threat modeling, risk assessments, and incident response in your application.
  • Be ready to discuss how you stay updated on the latest security threats, vulnerabilities, and technologies, and how you apply that knowledge in your work.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere. Browse more remote jobs across all categories.