What you'd actually do

Oversee global detection and response operations, including continuous monitoring, triage, investigation, containment, and remediation of security events across a diverse set of networks and infrastructure.

Lead, mentor, and directly manage several small teams of senior engineers across observability, detection and response, and threat intelligence. Hire and scale these functions deliberately and proportionately as OpenAI’s compute footprint and platform ambitions grow.

Ensure world-class operational rigor and readiness through management of incident playbooks, on-call and escalation paths, tabletop exercises, and continuous improvement of response quality and speed.

Improve detection quality and coverage by partnering with engineering teams to ensure critical telemetry is available, reliable, and actionable across cloud, corporate, and production environments.

Deeply partner across all of OpenAI to evaluate and respond to emergent security concerns in a frontier AI lab environment, such as detection and response strategies for agents operating across infrastructure at scale.

Build a world-class security program capable of withstanding tier-1 adversaries by maximally embracing our own models to solve frontier security problems.

Skills

Required

10+ years in cybersecurity
Detection engineering
Incident response
Security operations
Building and leading teams
Modern observability stacks (SIEM, data lakes, EDR, cloud telemetry, logging)
Detection primitives
Adversary tradecraft (TTPs)
Global footprint experience
Airgapped and sovereign environments experience
Leadership skills
Written and verbal communication skills
Calm under pressure
Security incident command

Nice to have

Active U.S. Government security clearance (Top Secret) or willingness and eligibility to obtain one
Leveraging AI models for security problems

What the JD emphasized

active U.S. Government security clearance (Top Secret) or willingness and eligibility to obtain one

deep expertise in detection engineering, incident response, and security operations

deep experience building and leading detection and response, instrumentation/observability, and threat intelligence teams across a global footprint, including airgapped and sovereign environments

deep expertise in modern observability stacks (e.g., SIEM, data lakes, EDR, cloud telemetry, logging) and detection primitives

Understand modern adversary tradecraft (TTPs) and have demonstrated experience and expertise translating it into practical detection strategies and response actions

About the Team

OpenAI’s Security organization exists to enable safe, responsible innovation at scale. As our systems, infrastructure, and research footprint grow, we invest deeply in world-class security capabilities that protect our people, products, and users without slowing progress.

This organization safeguards OpenAI’s environments by building advanced detection systems, driving real-time response capabilities, scaling telemetry and logging infrastructure, and delivering actionable threat intelligence to stay ahead of adversaries.

About the Role

We are seeking a Global Detection and Response Lead to own and scale OpenAI’s cybersecurity detection and response operations. In this role, you will set the strategy and drive execution for security monitoring, incident response, recovery, and post-incident improvements across our global infrastructure.

You will be a hands-on leader with deep technical credibility and strong operational instincts. You will build and mentor high-performing teams, partner closely with Infrastructure, Research, Product Security, Enterprise Security, IT, and Engineering, and ensure that detection and response capabilities are embedded by design into the systems that power OpenAI.

This is a strategic and practical leadership role requiring deep technical credibility, operational rigor, and the ability to build high-performing teams in a fast-moving environment.

In this role, you will:

Oversee global detection and response operations, including continuous monitoring, triage, investigation, containment, and remediation of security events across a diverse set of networks and infrastructure.
Lead, mentor, and directly manage several small teams of senior engineers across observability, detection and response, and threat intelligence. Hire and scale these functions deliberately and proportionately as OpenAI’s compute footprint and platform ambitions grow.
Ensure world-class operational rigor and readiness through management of incident playbooks, on-call and escalation paths, tabletop exercises, and continuous improvement of response quality and speed.
Improve detection quality and coverage by partnering with engineering teams to ensure critical telemetry is available, reliable, and actionable across cloud, corporate, and production environments.
Deeply partner across all of OpenAI to evaluate and respond to emergent security concerns in a frontier AI lab environment, such as detection and response strategies for agents operating across infrastructure at scale.
Build a world-class security program capable of withstanding tier-1 adversaries by maximally embracing our own models to solve frontier security problems.

You might thrive in this role if you:

Have 10+ years in cybersecurity with deep expertise in detection engineering, incident response, and security operations.
Have an active U.S. Government security clearance (Top Secret) or willingness and eligibility to obtain one.
Are mission-oriented, have unimpeachable integrity, and are passionate and motivated to detect and respond to adversaries in a highly complex, fast-paced environment.
Have deep experience building and leading detection and response, instrumentation/observability, and threat intelligence teams across a global footprint, including airgapped and sovereign environments.
Have stellar leadership skills, and a demonstrated history of driving durable, and continuous improvements to programs, processes, and people.
Have exceptional written and verbal communication skills, can remain calm under pressure, and can effectively run command of security incidents involving numerous stakeholders across a diverse gamut of teams, expertise, and seniority.
Have deep expertise in modern observability stacks (e.g., SIEM, data lakes, EDR, cloud telemetry, logging) and detection primitives.
Understand modern adversary tradecraft (TTPs) and have demonstrated experience and expertise translating it into practical detection strategies and response actions.

About OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve our mission, we must encompass and value the many different perspectives, voices, and experiences that form the full spectrum of humanity.

We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other applicable legally protected characteristic.

For additional information, please see OpenAI’s Affirmative Action and Equal Employment Opportunity Policy Statement.

Background checks for applicants will be administered in accordance with applicable law, and qualified applicants with arrest or conviction records will be considered for employment consistent with those laws, including the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, for US-based candidates. For unincorporated Los Angeles County workers: we reasonably believe that criminal history may have a direct, adverse and negative relationship with the following job duties, potentially resulting in the withdrawal of a conditional offer of employment: protect computer hardware entrusted to you from theft, loss or damage; return all computer hardware in your possession (including the data contained therein) upon termination of employment or end of assignment; and maintain the confidentiality of proprietary, confidential, and non-public information. In addition, job duties require access to secure and protected information technology systems and related data security obligations.

To notify OpenAI that you believe this job posting is non-compliant, please submit a report through this form. No response will be provided to inquiries unrelated to job posting compliance.

We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made via this link.

OpenAI Global Applicant Privacy Policy

At OpenAI, we believe artificial intelligence has the potential to help people solve immense global challenges, and we want the upside of AI to be widely shared. Join us in shaping the future of technology.