Security Engineer, Detection and Response

OpenAI · Remote (Sydney, Australia)
Software Development

WFA Digital Insight

The demand for cybersecurity specialists has surged in recent years, with a 25% increase in job postings in 2025 alone. As companies like OpenAI continue to innovate and expand their digital presence, the need for skilled security engineers has never been more pressing. With its cutting-edge AI technology, OpenAI offers a unique environment for security professionals to grow and develop their skills. As a security engineer at OpenAI, you'll be at the forefront of protecting sensitive assets and developing threat detection and response strategies. Before applying, candidates should be aware of the high expectations and fast-paced environment that come with working in a leading AI company.

Job Description

About the Role

As a Security Engineer on the Detection and Response team at OpenAI, you will play a critical role in protecting the company's most sensitive assets, including intellectual property, customer data, and infrastructure. Your primary focus will be on building and operating systems that detect suspicious activity and respond effectively. You will work closely with security teams and infrastructure owners to define telemetry and response requirements, developing tooling and automation to maximize leverage.

The Security team at OpenAI is committed to supporting all products and research, prioritizing impact, enabling researchers, and preparing for future transformative technologies. As a key member of this team, you will be expected to embody these tenets, constantly seeking ways to improve and enhance the security posture of the company.

The role is based in Sydney, Australia, and offers the opportunity to work remotely, utilizing digital skills to collaborate with global teams. The ideal candidate will have hands-on experience in threat detection and incident response, with a deep understanding of modern adversary tradecraft and the ability to translate it into practical detection strategies.

What You Will Do

  • Build and evolve Detection & Response capabilities across OpenAI's infrastructure, products, and research environments, emphasizing high-signal detection and reliable operational response.
  • Engineer detection pipelines and tooling, including rule lifecycle management, measurement/quality loops, tuning processes, and safe rollout patterns.
  • Automate response and investigations by building workflows that reduce toil and improve time-to-understand/time-to-contain.
  • Partner with other Security teams and system/infrastructure owners to ensure new systems ship with the right telemetry, threat models, and response playbooks.
  • Define D&R requirements and drive visibility across endpoints, identity, SaaS, cloud, and Kubernetes, identifying telemetry/control gaps and advocating for fixes.
  • Evaluate and respond to emergent security concerns in a frontier AI lab environment, such as detection and response strategies for agents operating across infrastructure at scale.
  • Develop and maintain threat models for new and existing infrastructure, identifying potential attack vectors and designing detection and response strategies.
  • Collaborate with the research team to develop and implement secure AI and machine learning models.
  • Participate in incident response and remediation efforts, providing technical expertise and guidance.

What We Are Looking For

  • Hands-on experience in threat detection and/or incident response, including building detections, running investigations, and improving operational playbooks.
  • Understanding of modern adversary tradecraft (TTPs) and the ability to translate it into practical detection strategies and response actions.
  • Threat modeling mindset, with the ability to evaluate new infrastructure or features and identify D&R implications.
  • Experience working in Kubernetes/containerized environments, including building detections from cluster telemetry and understanding common failure and attack modes.
  • Comfortable reasoning about lower-level infrastructure and datacenter risks, such as firmware/BMC surfaces, network segmentation/telemetry, and hard-to-observe control paths.
  • Experience across major cloud platforms (Azure, AWS, GCP, OCI), with the ability to design cloud-agnostic detection approaches.
  • Ability to communicate clearly and collaborate well across teams, with a strong focus on enabling researchers and prioritizing impact.
  • Experience with automation tools and workflows, with the ability to build and maintain complex systems.

Nice to Have

  • Experience with AI and machine learning models, including development and implementation of secure models.
  • Knowledge of programming languages such as Python, Java, or C++.
  • Experience with cloud security platforms and tools, such as AWS IAM or GCP Cloud Security Command Center.
  • Certification in security or a related field, such as CISSP or CEH.

Benefits and Perks

  • Competitive salary and benefits package.
  • Opportunity to work with cutting-edge AI technology and contribute to the development of secure AI and machine learning models.
  • Collaborative and dynamic work environment with a team of experienced security professionals.
  • Flexible working hours and remote work options.
  • Professional development and training opportunities, including conferences and workshops.
  • Access to state-of-the-art security tools and technologies.
  • Comprehensive health insurance and wellness programs.
  • Generous PTO and holiday package.

How to Stand Out

  • Tip: Highlight your experience with threat detection and incident response in your resume and cover letter, and be prepared to provide specific examples during the interview process.
  • Tip: Familiarize yourself with OpenAI's technology and research areas, and be prepared to discuss how your skills and experience align with the company's goals and objectives.
  • Tip: Emphasize your ability to communicate complex technical concepts to non-technical stakeholders, and provide examples of how you have done so in the past.
  • Tip: Be prepared to discuss your experience with automation tools and workflows, and provide examples of how you have used these tools to improve efficiency and reduce toil.
  • Tip: Research the current threat landscape and be prepared to discuss emerging threats and trends, and how you would approach detecting and responding to these threats.
  • Tip: Practice your problem-solving skills and be prepared to complete technical exercises or challenges during the interview process.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.