Security Engineer, Infrastructure Security

About the Role

The Infrastructure Security team at OpenAI is responsible for securing everything from bare-metal hardware and firmware to Kubernetes clusters and service meshes, to data storage and access pathways for highly sensitive model weights and user data. This role requires a deep understanding of security principles, best practices, and common vulnerabilities, as well as a proactive mindset to identify and address security gaps or inefficiencies through automation and tooling.

What You Will Do

• Design and build security controls across diverse layers (e.g., physical hardware, firmware/BMC, OS, Kubernetes, networks, and CI/CD) to defend against sophisticated adversaries and insider threats.
• Collaborate with engineering and security teams to drive deployment of security enhancements and control changes across broad-scale infrastructure.
• Tackle high-impact projects such as checkpoint encryption, network isolation, secret management, and machine identity, while continuously raising the security bar for emerging AI workloads.
• Take a generalist approach to building security controls, balancing a mix of security expertise and broad technical skillsets to adapt to evolving challenges.
• Participate in threat modeling and risk assessments to identify potential security threats and develop mitigation strategies.
• Develop and maintain documentation of security controls, procedures, and incident response plans.
• Engage with cross-functional teams to ensure security is integrated into the development lifecycle.
• Stay up-to-date with the latest security technologies, threats, and trends, applying this knowledge to improve OpenAI's security posture.
• Collaborate with the compliance team to ensure security controls meet regulatory requirements.
• Develop automation scripts to streamline security tasks and improve efficiency.

What We Are Looking For

• Deep understanding of security principles, best practices, and common vulnerabilities.
• A proactive mindset, with the ability to identify and address security gaps or inefficiencies through automation and tooling.
• A track record of delivering scalable solutions and driving impactful changes across infrastructure in real-world projects.
• Expertise in the security of cloud platforms (e.g., Amazon AWS, Microsoft Azure), especially securing multi-cloud networks and infrastructure, and designing cloud-agnostic systems.
• Experience securing on-prem deployments and data centers from construction to multi-tenant use.
• Familiarity with container security, orchestration security, and authentication/authorization.
• Strong analytical and problem-solving skills, with an ability to think critically and objectively assess security risks.
• Excellent communication skills, with the ability to convey complex security concepts to technical and non-technical stakeholders.
• Excitement about collaborating with cross-functional teams to build secure, reliable systems that scale globally.
• Experience with security testing and vulnerability assessment tools.
• Knowledge of compliance frameworks and regulatory requirements.

Nice to Have

• Experience with Excel for data analysis and reporting.
• Familiarity with AI and machine learning technologies.
• Knowledge of network architecture and design.
• Experience with IT service management frameworks.
• Certification in security (e.g., CISSP, CEH).

Benefits and Perks

• Competitive compensation package.
• Opportunity to work with cutting-edge AI technologies.
• Collaborative and dynamic work environment.
• Flexible working hours and remote work options.
• Access to professional development and training opportunities.
• Comprehensive health insurance package.
• Retirement savings plan.
• Paid time off and holidays.
• Employee assistance program.
• Discounted gym membership and wellness programs.

• When applying, make sure your resume and cover letter highlight your experience with cloud security, Kubernetes, and automation tools.
• Be prepared to discuss specific examples of how you've addressed security gaps or inefficiencies in previous roles.
• Showcasing a deep understanding of security principles and common vulnerabilities is crucial, so review these topics before the interview.
• Demonstrating your ability to communicate complex security concepts to non-technical stakeholders is important, so practice explaining technical terms in simple language.
• Consider creating a portfolio that showcases your security projects and accomplishments to stand out from other applicants.
• During salary negotiations, highlight your experience and the value you can bring to OpenAI's security team, and be open to discussing flexible compensation packages.
• Pay attention to the company culture and values during the interview process, and be prepared to ask questions about how security is prioritized within the organization.