OpenAI
Offensive Security Engineer, Agent Products
Found: Today
About the Role
We’re seeking an exceptional Principal-level Offensive Security Engineer focused on deep, hands-on penetration testing of OpenAI’s agent-powered products, infrastructure, and model-integrated application surfaces. You’ll assess complex systems end to end, identify realistic vulnerabilities, validate exploitability and impact, and partner closely with engineering teams to drive durable fixes.
This role will be primarily focused on continuously testing our agent-powered products like Codex and Operator. These systems are uniquely valuable targets because they’re rapidly evolving, can perform sensitive actions on behalf of users, and have large, diverse attack surfaces. You will play a crucial role in securing our agents by finding vulnerabilities that emerge from the interactions between the applications, infrastructure, tools, and models that power them.
In this role you will:
- Conduct deep penetration tests of OpenAI’s agent-powered products, including web applications, APIs, cloud services, identity and authorization flows, CI/CD systems, and model-integrated product surfaces.
- Continuously hunt for exploitable vulnerabilities in the interactions between the applications, infrastructure, tools, and models that power our agentic products.
- Perform code review, architecture review, and hands-on exploitation to validate risk and identify subtle or novel failure modes.
- Produce clear, actionable findings with reproduction steps, exploitability analysis, impact assessment, and practical remediation guidance.
- Partner directly with engineering teams to drive fixes, validate remediation, and improve secure design patterns across agentic products.
- Build tools, test harnesses, and automation to scale penetration testing across rapidly evolving product surfaces.
- Leverage advanced automation and OpenAI technologies to optimize your offensive security work.
- Share attacker-informed insights with security and engineering teams to improve threat models, mitigations, and defensive coverage.