Offensive Security Engineer, Agent Products

ABOUT THE TEAM

Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI’s technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our Security team tenets include: prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture.

ABOUT THE ROLE

We’re seeking an exceptional Principal-level Offensive Security Engineer focused on deep, hands-on penetration testing of OpenAI’s agent-powered products, infrastructure, and model-integrated application surfaces. You’ll assess complex systems end to end, identify realistic vulnerabilities, validate exploitability and impact, and partner closely with engineering teams to drive durable fixes.

This role will be primarily focused on continuously testing our agent-powered products like Codex and Operator. These systems are uniquely valuable targets because they’re rapidly evolving, can perform sensitive actions on behalf of users, and have large, diverse attack surfaces. You will play a crucial role in securing our agents by finding vulnerabilities that emerge from the interactions between the applications, infrastructure, tools, and models that power them.

You’ll have the chance to not only find vulnerabilities, but actively drive their resolution, build reusable testing approaches, automate offensive security workflows with cutting-edge technologies, and use your attacker perspective to improve the security of OpenAI’s products.

IN THIS ROLE YOU WILL:

- Conduct deep penetration tests of OpenAI’s agent-powered products, including web applications, APIs, cloud services, identity and authorization flows, CI/CD systems, and model-integrated product surfaces.

- Continuously hunt for exploitable vulnerabilities in the interactions between the applications, infrastructure, tools, and models that power our agentic products.

- Perform code review, architecture review, and hands-on exploitation to validate risk and identify subtle or novel failure modes.

- Produce clear, actionable findings with reproduction steps, exploitability analysis, impact assessment, and practical remediation guidance.

- Partner directly with engineering teams to drive fixes, validate remediation, and improve secure design patterns across agentic products.

- Build tools, test harnesses, and automation to scale penetration testing across rapidly evolving product surfaces.

- Leverage advanced automation and OpenAI technologies to optimize your offensive security work.

- Share attacker-informed insights with security and engineering teams to improve threat models, mitigations, and defensive coverage.

YOU MIGHT THRIVE IN THIS ROLE IF YOU HAVE:

- 7+ years of hands-on penetration testing, product security assessment, app