Offensive Security Engineer, Agent Products

About this role

OpenAI is seeking a Principal-level Offensive Security Engineer to conduct deep penetration testing of agent-powered products like Codex and Operator. You'll identify vulnerabilities across complex systems involving applications, infrastructure, and AI models, then partner with engineering teams to drive fixes and build scalable testing automation.

What you'll do

• Conduct penetration tests on agent products, web applications, APIs, cloud services, and identity systems
• Hunt for exploitable vulnerabilities in interactions between applications, infrastructure, tools, and AI models
• Perform code review, architecture review, and hands-on exploitation to validate risks
• Produce actionable findings with reproduction steps, exploitability analysis, and remediation guidance
• Partner with engineering teams to drive fixes and validate remediations
• Build tools, test harnesses, and automation to scale penetration testing across evolving products

What they're looking for

• Penetration testing and product security assessment (7+ years)
• Vulnerability discovery and exploitation in production systems
• AI/ML system security assessment including prompt injection and confused deputies
• Cloud security (Azure preferred)
• Kubernetes, containers, CI/CD, and GitHub security
• Code review and architecture analysis
• Python, React, and modern web technologies
• Tool development and offensive security automation