Offensive Security Engineer

OpenAI

Location:
United States, San Francisco

Contract Type:
Not provided

Salary:

277600.00 - 490000.00 USD / Year

Job Description:

We're seeking an exceptional Principal-level Offensive Security Engineer to challenge and strengthen OpenAI's security posture. This role isn't your typical red team job - it's an opportunity to engage broadly and deeply, craft innovative attack simulations, collaborate closely with defensive teams, and influence strategic security improvements across the organization. You'll have the chance to not only find vulnerabilities but actively drive their resolution, automate offensive techniques with cutting-edge technologies, and use your unique attacker perspective to shape our security strategy. This role will be primarily focused on continuously testing our agent-powered products like Codex and Operator. These systems are uniquely valuable targets because they’re rapidly evolving, have access to perform sensitive actions on behalf of users, and have large, diverse attack surfaces. You will play a crucial role in securing our agents by hunting for realistic vulnerabilities that emerge from the interactions between the applications, infrastructure, and models that power them.

Job Responsibility:

  • Continuously hunt for vulnerabilities in the interactions between the applications, infrastructure, and models that power our agentic products
  • Conduct open-scope red and purple team operations, simulating realistic attack scenarios
  • Collaborate proactively with defensive security teams to enhance detection, response, and mitigation capabilities
  • Perform comprehensive penetration testing on our diverse suite of products
  • Leverage advanced automation and OpenAI technologies to optimize your offensive security work
  • Present insightful, actionable findings clearly and compellingly to inspire impactful change
  • Influence security strategy by providing attacker-driven insights into risk and threat modeling

Requirements:

  • 7+ years of hands-on red team experience or exceptional accomplishments demonstrating equivalent expertise
  • Deep expertise conducting offensive security operations within modern technology companies
  • Experience designing, developing, testing, or assessing the security of AI-powered systems
  • Experience finding, exploiting, and mitigating common vulnerabilities in AI systems like prompt injection, leaking sensitive data, confused deputies, and dynamically generated UI components
  • Exceptional skill in code review, identifying novel and subtle vulnerabilities
  • Proven experience performing offensive security assessments in at least one hyperscaler cloud environment (Azure preferred)
  • Demonstrated mastery assessing complex technology stacks, including highly customized Kubernetes clusters, container environments, CI/CD pipelines, GitHub security, macOS and Linux operating systems, data science tooling and environments, Python-based web services, and React-based frontend applications
  • Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts
  • Excellent coding skills, capable of writing robust tools and automation for offensive operations
  • Ability to communicate complex technical concepts effectively through compelling storytelling
  • Proven track record of not just finding vulnerabilities but actively contributing to solutions in complex codebases

Nice to have:

  • Background or expertise in AI or data science
  • Prior experience working in tech startups or fast-paced technology environments
  • Experience in related disciplines such as Software Engineering (SWE), Detection Engineering, Site Reliability Engineering (SRE), Security Engineering, or IT Infrastructure

What we offer:

  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Daily meals in our offices, and meal delivery credits as eligible
  • Relocation support for eligible employees
  • Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided
  • Equity
  • Performance-related bonus(es) for eligible employees

Additional Information:

Job Posted:
February 21, 2026

Employment Type:
Fulltime
Work Type:
On-site work

Similar Jobs for Offensive Security Engineer

Security Engineering Manager

Corporate Tools is looking for a Security Engineering Manager who eats vulnerabi...
Salary:
185000.00 USD / Year
Corporate Tools
Expiration Date:
Until further notice
Requirements:
  • BS in Computer Science or equivalent experience
  • 5+ years building and securing software — hands‑on experience with web frameworks (Rails, Django, Node, etc.) and modern architectures
  • Proven application security expertise: secure SDLC, OWASP, threat modeling, exploit mitigation, and vulnerability remediation
  • Experience leading security or engineering teams — setting strategy, running scrums, conducting reviews, and mentoring talent
  • Strong knowledge of cloud environments (AWS, Azure, GCP) and securing databases (SQL/NoSQL) in production
  • Exposure to offensive and defensive security practices — red team, blue team, or incident response experience a plus
  • Ability to communicate risk and solutions to execs, engineers, and auditors — respected by hackers and trusted by leadership
  • Pragmatic mindset: knows when to enable speed, when to block, and how to automate guardrails to keep teams fast and safe
Job Responsibility:
  • Lead 6 security engineers across three specialized teams: Red (offense), Blue (defense), and Orange (compliance)
  • Own the security strategy and execution for offensive testing, defensive monitoring, and compliance work — ensuring all three disciplines are aligned
  • Act as the technical anchor for the teams: review code, guide exploits, drive secure architecture decisions, and mentor engineers
  • Partner with product and engineering leads to embed security into development (threat modeling, secure coding, CI/CD guardrails)
  • Build internal security tools and automation that make it easier for product teams to ship securely
  • Oversee red team engagements and turn findings into actionable fixes, not just reports
  • Manage defensive capabilities — incident response, detection engineering, monitoring — and continually improve them
  • Ensure compliance frameworks (SOC2, ISO, PCI, etc.) are met without slowing innovation or creating unnecessary bureaucracy
  • Set a high technical bar: coach, mentor, and challenge engineers to pursue elegant, practical security solutions
  • Balance being a builder and a leader: stay hands‑on enough to earn respect from hackers, but prioritize leading and scaling the team’s impact
What we offer:
  • 100% employer-paid medical, dental and vision for employees
  • Annual review with raise option
  • 22 days Paid Time Off accrued annually, and 4 holidays
  • After 3 years, PTO increases to 29 days. Employees transition to flexible time off after 5 years with the company—not accrued, not capped, take time off when you want
  • The 4 holidays are: New Year’s Day, Fourth of July, Thanksgiving, and Christmas Day
  • Paid Parental Leave
  • Up to 6% company matching 401(k) with no vesting period
  • Quarterly allowance
  • Use to make your remote work set up more comfortable, for continuing education classes, a plant for your desk, coffee for your coworker, a massage for yourself... really, whatever
  • Open concept office with friendly coworkers

Principal Security Engineer

We’re looking for a principal Security Testing Engineer to work closely with the...
Location:
India, Bengaluru
Salary:
Not provided
Atlassian
Expiration Date:
Until further notice
Requirements:
  • 6+ years penetration testing experience in a consultancy, dedicated internal pentesting team, or similar offensive security function
  • 2+ years experience as an offensive security team lead
  • Strong experience in white-box application security testing
  • Full stack application security technical experience
  • Delivery focused
  • Experience mentoring junior penetration testers
  • The ability to complete a penetration test and code review of a modern cloud application
  • Experience leading security teams on complex penetration testing engagements
  • Strong, practical understanding of security testing methodologies, supporting infrastructure requirements and legal considerations
  • Strong collaboration and communication skills when working closely with deeply technical development and infrastructure teams
Job Responsibility:
  • Providing SME knowledge and guidance to a team of pen testers/code review
  • Continuing to mature pen testing/code review workflows
  • Identifying and recruiting top-class penetration testing talent
  • Supporting and guiding the growth of an India-based penetration testing team
  • Analysing vulnerability data for trends and gaps in controls
  • Identifying significant vulnerabilities in Atlassian products prior to production deployment
  • Building contacts in the Atlassian engineering team, product team and security team
  • Building and leveraging existing contacts to identify potential talent to join the team
  • Establishing testing processes in the local team that complements and extends existing processes
  • Identifying insights which contribute to strategic investments
What we offer:
  • health and wellbeing resources
  • paid volunteer days
  • Fulltime

Cloud Security Engineer

The Cloud Security Analyst performs all processes and procedures necessary to en...
Location:
Brazil, São Paulo
Salary:
Not provided
KnowBe4
Expiration Date:
Until further notice
Requirements:
  • Bachelor’s degree in information security, information systems, or similar preferred
  • Relevant industry certification in information security, cloud security or similar preferred
  • Certifications in AWS, Azure and specifically AWS Security highly desirable
  • Demonstrated practical knowledge in cloud computing, cloud security, information security, IT, internet concepts
  • Some experience with infosec testing tools and scripts
  • Some experience with offensive cloud security
  • Familiar with application development concepts: servers, databases, coding, APIs, containers, logging, troubleshooting
  • Some experience working with Terraform/CloudFormation
  • Familiar with OWASP top 10 and MITRE ATT&CK Framework
  • Understanding of MITRE ATT&CK matrix
Job Responsibility:
  • Responds to security alerts created across infosec alerting systems
  • Perform continuous monitoring and triage of security alerts from SIEM, CSPM, CWPP, and other cloud security tools
  • Serve as the primary responder for cloud security incidents, leading the investigation, containment, eradication, and recovery efforts
  • Creates new security alerts and dashboards related to cloud security
  • Triage cloud security findings
  • Performs threat hunting across information security log feeds
  • Monitor for, investigate, and respond to security incidents
  • Performs root cause analysis on identified vulnerabilities and identified incidents
  • Perform security reviews and penetration testing across company cloud infrastructure
  • Stay informed on the latest vulnerabilities
What we offer:
  • company-wide bonuses based on monthly sales targets
  • employee referral bonuses
  • adoption assistance
  • tuition reimbursement
  • certification reimbursement
  • certification completion bonuses
  • modern, high-tech, and fun work environment
  • Fulltime

Product Security Test Engineer

As part of our HPE Operations Cybersecurity Lab, the Security Systems/Software E...
Location:
Puerto Rico, Aguadilla
Salary:
Not provided
Hewlett Packard Enterprise
Expiration Date:
Until further notice
Requirements:
  • Bachelor's or Master's degree in Computer Science, Information Systems, or equivalent
  • Typically 4-6 years experience
  • Expertise in multiple software systems design tools and languages
  • Experience of relational database management systems and their query languages (e.g. SQL)
  • Strong experience writing software using any modern language and technology stack, e.g. Python, JavaScript, and frameworks for building APIs and user interfaces
  • Knowledge of tools like Metasploit, Nmap, Burp Suite, Wireshark, vulnerability scanning tools, network mapping, and packet analysis
  • Experience in overall architecture of software systems for products, solutions and IT systems
  • Expertise working in a DevSecOps environment
  • Knowledge of OWASP Top 10 vulnerabilities, web-based attacks (SQL injection, XSS, CSRF), and web protocols
  • Experience with encryption methods and their applications
Job Responsibility:
  • Designs security enhancements, updates, and programming changes for portions and subsystems of systems software, including operating systems, compilers, networking, utilities, databases, and Internet-related tools
  • Analyzes design and determines coding, programming, and integration activities required based on security requirements and general objectives and knowledge of overall architecture of product or solution
  • Design, develop, test, and maintain robust, scalable, and high-quality security and software solutions
  • Supports application and systems security strategy, architecture and roadmaps, review application architectures, code and system services from a security perspective
  • Writes and executes complete security testing plans, protocols, and documentation for assigned portion of application
  • Identifies, debugs, and creates solutions for issues with code and integration into application architecture
  • Leads a project team of other software systems engineers and internal and outsourced development partners to develop reliable, cost effective and high quality solutions for assigned systems portion or subsystem
  • Collaborates and communicates with management, internal, and outsourced development partners regarding software systems design status, project progress, and issue resolution
  • Represents the software systems engineering team for all phases of larger and more-complex development projects
  • Provides guidance and mentoring to less-
What we offer:
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
  • Fulltime

Senior Security Researcher

Endor Labs is building the Application Security platform for the software develo...
Location:
United States
Salary:
Not provided
Endor Labs
Expiration Date:
Until further notice
Requirements:
  • 5+ years of experience in security research, vulnerability discovery, and offensive security
  • deep expertise in reverse engineering, exploit development, and software vulnerability analysis
  • strong understanding of software supply chain security, including package management systems, CI/CD pipelines, and dependency analysis
  • experience discovering and responsibly disclosing zero-day vulnerabilities
  • proven track record of publishing high-quality research or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides)
  • proficiency in programming languages such as Python, Rust, or Go
  • strong analytical skills and the ability to conduct complex security research autonomously
  • excellent communication skills, both written and verbal, to convey technical concepts to diverse audiences.
Job Responsibility:
  • Conduct offensive security research on software supply chain threats, identifying and analyzing zero-day vulnerabilities
  • develop and refine exploit techniques to understand modern attack vectors targeting software supply chain through malicious code, 3rd party libraries, and CI/CD systems
  • work closely with Product Management to translate research findings into innovative security capabilities within Endor Labs' products
  • publish research findings through technical blogs, white papers, and industry-leading security conferences
  • collaborate with security engineers and developers to prototype and implement detection and mitigation strategies for emerging threats
  • contribute to the security community by developing open-source tools, methodologies, or frameworks that enhance software supply chain security
  • stay ahead of the latest threats, attacker methodologies, and evolving security trends to continuously refine our research efforts.
What we offer:
  • Work with a world-class team dedicated to pushing the boundaries of security research
  • directly influence the security of modern software supply chains
  • a culture that values innovation, collaboration, and continuous learning
  • competitive compensation, flexible work environment, and a generous benefits package
  • opportunity to present groundbreaking research and contribute to the global security community.
  • Fulltime

Hardware Security Researcher

Internship position in the Donjon team responsible for security of all products ...
Location:
France, Paris
Salary:
1500.00 EUR / Month
Ledger
Expiration Date:
Until further notice
Requirements:
  • Experience with programming in Python or Rust
  • Basic understanding of (or strong curiosity towards) semiconductor devices and Integrated Circuits stack up and layout
  • Interest in working in a hands-on, experimental lab environment
  • Ability to formalize your work and shape concepts at the relevant abstraction level
  • Ability to develop and document methods, standards, and guidelines
  • Ability to clearly articulate and communicate your ideas, in written and spoken English
Job Responsibility:
  • Research cutting-edge offensive security techniques
  • Develop reverse engineering techniques and tools for Integrated Circuits manufactured on modern process nodes
  • Develop attacks for the chips you studied based on reverse engineered information
  • Formalize and generalize the attacks you find, and propose systematic ways to mitigate them or altogether render them impossible
  • Submit your findings for publication in academic journals or specialised conferences if time permits
What we offer:
  • Social: Frequent social events, snacks and drinks
  • Transportation allowance: commuter allowance to contribute to your preferred means of transportation
  • Lunch vouchers: meal allowance with Swile
  • Vacation: 1 day off for every full month of work, in addition to national holidays
  • Fulltime

Offensive Security Engineer I

As an Offensive Security Engineer, you help protect Mollie’s platform and the bu...
Location:
Italy, Milan
Salary:
Not provided
Mollie
Expiration Date:
Until further notice
Requirements:
  • 2+ years of hands-on offensive security experience (penetration testing, ethical hacking, product security engineering)
  • Certifications such as OSCP, OSCE, or similar are highly preferred
  • Practical experience testing modern web applications and APIs (auth, authorization, business logic, data handling)
  • Familiarity with common testing tools and techniques (e.g., Burp Suite and similar tooling)
  • Basic scripting/automation skills (Python, Bash, or similar) to speed up repeatable work
  • Understanding of cloud environments and common attack vectors (GCP concepts are all welcome)
  • Ability to write clear, actionable findings and communicate risk to both technical and non-technical stakeholders
  • A collaborative mindset: you enjoy partnering with teams to get issues fixed and verified
Job Responsibility:
  • Plan and execute security assessments across web applications, APIs, cloud services, and internal systems—focused on realistic attack paths and business impact
  • Confirm exploitability, reduce false positives, and help teams understand severity and remediation options
  • Partner with SecOps and Security Engineering to run collaborative exercises (e.g., detection validation, incident simulations, phishing/crisis scenarios) that strengthen real-world readiness
  • Improve playbooks, testing approaches, and automation to scale offensive security across teams and technologies
  • Partner closely with engineering teams to answer questions, support fixes, retest, and uplift secure development practices—while also contributing to security awareness initiatives across the organization
What we offer:
  • Noise cancelling headphones
  • MacBook
  • Birthday off
  • Complimentary baby days
  • 20 days working from abroad
  • 22 holiday days
  • Internet allowance
  • Lunch voucher
  • Wellbeing program
  • Health insurance
  • Fulltime

Offensive Security Engineer I

As an Offensive Security Engineer, you help protect Mollie’s platform and the bu...
Location:
Portugal, Lisbon
Salary:
Not provided
Mollie
Expiration Date:
Until further notice
Requirements:
  • 2+ years of hands-on offensive security experience (penetration testing, ethical hacking, product security engineering)
  • Certifications such as OSCP, OSCE, or similar are highly preferred
  • Practical experience testing modern web applications and APIs (auth, authorization, business logic, data handling)
  • Familiarity with common testing tools and techniques (e.g., Burp Suite and similar tooling)
  • Basic scripting/automation skills (Python, Bash, or similar) to speed up repeatable work
  • Understanding of cloud environments and common attack vectors (GCP concepts are all welcome)
  • Ability to write clear, actionable findings and communicate risk to both technical and non-technical stakeholders
  • A collaborative mindset: you enjoy partnering with teams to get issues fixed and verified
Job Responsibility:
  • Plan and execute security assessments across web applications, APIs, cloud services, and internal systems—focused on realistic attack paths and business impact
  • Confirm exploitability, reduce false positives, and help teams understand severity and remediation options
  • Partner with SecOps and Security Engineering to run collaborative exercises (e.g., detection validation, incident simulations, phishing/crisis scenarios) that strengthen real-world readiness
  • Improve playbooks, testing approaches, and automation to scale offensive security across teams and technologies
  • Partner closely with engineering teams to answer questions, support fixes, retest, and uplift secure development practices—while also contributing to security awareness initiatives across the organization
What we offer:
  • Noise cancelling headphones
  • MacBook
  • Birthday off
  • Complimentary baby days
  • 20 days working from abroad
  • 22 holiday days
  • Commute allowance
  • Work from home budget
  • Bike lease plan
  • Internet allowance
  • Fulltime