Security Engineer, Detection and Response

About The Team

The Security team at OpenAI is fundamental to the mission of ensuring artificial general intelligence benefits all of humanity. This team is responsible for protecting OpenAI's technology, people, and products. Operating both technically in what they build and operationally in how they work, the team supports all products and research. Their tenets include prioritizing for impact, enabling researchers, preparing for future transformative technologies, and fostering a robust security culture.

About The Role: Security Engineer, Detection and Response

As a Security Engineer on the Detection & Response team, you will play a critical role in safeguarding OpenAI's most sensitive assets, including intellectual property, customer data, and supporting infrastructure. This involves building and operating systems to detect suspicious activity and ensure effective responses when incidents occur. Your work will span endpoints, identity, cloud, hyperscale compute infrastructure, and datacenter-adjacent layers. You will collaborate closely with other security teams and infrastructure owners to define necessary telemetry and response requirements, developing tooling and automation for maximum leverage.

In This Role, You Will:

• Build and evolve Detection & Response capabilities across OpenAI’s infrastructure, products, and research environments, focusing on high-signal detection and reliable operational response.
• Engineer detection pipelines and tooling, including developing rule lifecycle management, measurement/quality loops (coverage, precision, latency), tuning processes, and safe rollout patterns.
• Automate response and investigations by building workflows that reduce manual effort (triage, enrichment, containment, evidence capture) and improve time-to-understand and time-to-contain.
• Partner with other Security teams and system/infrastructure owners to ensure new systems are launched with appropriate telemetry, threat models, and response playbooks from day one.
• Define Detection & Response requirements and drive visibility across endpoints, identity, SaaS, cloud, and Kubernetes, identifying telemetry/control gaps, prioritizing them, and advocating for fixes (or implementing directly).
• Evaluate and respond to emergent security concerns within a frontier AI lab, such as developing detection and response strategies for agents operating across infrastructure at scale.

You Might Thrive In This Role If You:

• Possess hands-on threat detection and/or incident response experience, including building detections, conducting investigations, and refining operational playbooks.
• Understand modern adversary tradecraft (TTPs) and can translate this knowledge into practical detection strategies and effective response actions.
• Bring a threat modeling mindset, capable of evaluating new infrastructure or features, identifying Detection & Response implications, and translating them into concrete requirements.
• Have experience working in Kubernetes/containerized environments, including building detections from cluster telemetry and understanding common failure and attack modes.
• Are comfortable reasoning about lower-level infrastructure and datacenter risks, such as firmware/BMC surfaces, network segmentation/telemetry, and hard-to-observe control paths.
• Have experience across major cloud platforms (Azure, AWS, GCP, OCI), and can design cloud-agnostic detection approaches.
• Enjoy building automation to replace repetitive Detection & Response tasks, thoughtfully using agent-style workflows to reduce toil while maintaining measurable, auditable, and safe outcomes.
• Are energized by new problem areas in a forward-leaning technology company, such as developing strategies for detecting and responding to agents operating across systems at scale.
• Communicate clearly and collaborate effectively across teams, translating Detection & Response needs into clear requirements and driving follow-through with diverse audiences.
• Are comfortable with scripting and leverage AI/agent tooling to accelerate investigations and automation—more “directing” than doing everything by hand.

Key skills/competency

• Threat Detection
• Incident Response
• Security Engineering
• Cloud Security (Azure, AWS, GCP)
• Kubernetes Security
• Automation & Scripting
• Threat Modeling
• Endpoint Detection
• Identity & Access Management (IAM)
• SaaS Security