[Remote] Offensive Security Engineer, Agent Products
Note: The job is a remote job and is open to candidates in USA. OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. They are seeking a Principal-level Offensive Security Engineer to conduct deep penetration testing of their agent-powered products and infrastructure, identify vulnerabilities, and collaborate with engineering teams to implement security improvements.ResponsibilitiesConduct deep penetration tests of OpenAI’s agent-powered products, including web applications, APIs, cloud services, identity and authorization flows, CI/CD systems, and model-integrated product surfacesContinuously hunt for exploitable vulnerabilities in the interactions between the applications, infrastructure, tools, and models that power our agentic productsPerform code review, architecture review, and hands-on exploitation to validate risk and identify subtle or novel failure modesProduce clear, actionable findings with reproduction steps, exploitability analysis, impact assessment, and practical remediation guidancePartner directly with engineering teams to drive fixes, validate remediation, and improve secure design patterns across agentic productsBuild tools, test harnesses, and automation to scale penetration testing across rapidly evolving product surfacesLeverage advanced automation and OpenAI technologies to optimize your offensive security workShare attacker-informed insights with security and engineering teams to improve threat models, mitigations, and defensive coverageSkills7+ years of hands-on penetration testing, product security assessment, application security, cloud security assessment, or equivalent offensive security experienceDeep expertise finding, exploiting, documenting, and helping remediate vulnerabilities in complex production systemsExperience performing offensive security assessments of modern technology products, including web applications, APIs, cloud infrastructure, identity systems, CI/CD pipelines, and distributed servicesExperience designing, developing, or assessing the security of AI-powered systemsExperience finding, exploiting, and mitigating common vulnerabilities in AI systems, including prompt injection, confused deputies, unsafe tool use, and dynamically generated UI componentsExceptional skill in code review to identify novel and subtle vulnerabilitiesProven experience performing offensive security assessments in at least one hyperscaler cloud environment. Azure experience is preferredDemonstrated mastery assessing complex technology stacks, including: Highly customized Kubernetes clusters, Container environments, CI/CD pipelines, GitHub security, macOS and Linux operating systems, Data science tooling and environments, Python-based web services, React-based frontend applicationsStrong intuitive understanding of trust boundaries and risk assessment in dynamic contextsExcellent coding skills, capable of writing robust tools and automation for offensive security testingAbility to communicate complex technical concepts effectively through clear reports, practical remediation guidance, and compelling technical storytellingProven track record of not just finding vulnerabilities, but actively contributing to solutions in complex codebasesBackground or expertise in AI or data sciencePrior experience working in tech startups or fast-paced technology environmentsExperience in related disciplines such as Software Engineering, Product Security, Application Security, Detection Engineering, Site Reliability Engineering, Security Engineering, or IT InfrastructureCompany OverviewOpenAI is an AI research and deployment company that develops advanced AI models, including ChatGPT. It is a sub-organization of OpenAI Foundation. It was founded in 2015, and is headquartered in San Francisco, California, USA, with a workforce of 1001-5000 employees. Its website is https://www.openai.com.Company H1B SponsorshipOpenAI has a track record of offering H1B sponsorships, with 57 in 2026, 103 in 2025, 74 in 2024, 15 in 2023, 18 in 2022, 10 in 2021, 6 in 2020. Please note that this does not guarantee sponsorship for this specific role.