Compensation:

$325K – $405K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

About the Team:

Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity.

Codex Security is OpenAI’s first security agent, built to scan GitHub Cloud repositories, validate real vulnerabilities, and integrate with Codex to help generate fixes.

About the Role:

Lead an effort to map, characterise, and prioritise cross-layer vulnerabilities in advanced AI systems – spanning data pipelines, training/inference runtimes, system and supply chain components. You’ll drive offensive research, produce technical deliverables, enhance the Codex Security product line, and serve as OpenAI’s primary technical counterpart for select external partners (including potential U.S. government stakeholders).

Responsibilities:

• Conduct deep security research on real-world software systems to discover complex vulnerabilities across large codebases and distributed architectures.

• Investigate and validate vulnerabilities discovered by AI-driven security agents, including building proofs-of-concept and exploit demonstrations.

• Partner with engineering teams to improve automated vulnerability discovery, validation, and remediation workflows as part of product development.

• Build high-quality security datasets and evals that will help advance model’s cybersecurity capabilities

• Train and improve AI models used for vulnerability discovery, validation, and automated remediation by developing datasets, evaluations, and feedback loops grounded in real-world security research.

• Publish technical write-ups, research insights, and vulnerability analyses that advance the state of application security.

You may thrive if you:

• Have strong experience in vulnerability research, exploit development, or offensive security.

• Have deep experience with cutting-edge offensive-security techniques

• Are fluent across AI/ML infrastructure (data, training, inference, schedulers, accelerators) and can threat-model end-to-end.

• Operate independently, align diverse teams, and deliver on tight timelines.

• Communicate clearly and concisely with experts and decision-makers.

• Care deeply about improving the security of widely used software and open-source infrastructure.

• Are a strong developer who can work in a small energetic team

Goals & impact:

• Build AI-driven systems that can discover high-impact vulnerabilities in widely deployed systems and open-source software before attackers do.

• Improve the precision and effectiveness of AI-driven security agents by grounding them in real-world vulnerability research.

Key technical challenges:

• System-level vulnerability discovery , identifying complex vulnerabilities that span multiple services, trust boundaries, or components.

• High-confidence validation , distinguishing real exploitable vulnerabilities from speculative or theoretical issues.

• Scaling security research with AI agents , guiding automated systems to analyse millions of commits while maintaining research-level rigor.

• Automated exploit and proof-of-concept generation , building reproducible demonstrations of vulnerabilities within sandboxed environments.

• Building large systems that work within OpenAI’s enterprise architecture

About OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve our mission, we must encompass and value the many different perspectives, voices, and experiences that form the full spectrum of humanity.

We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, colour, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other applicable legally protected characteristic.

For additional information, please see [OpenAI’s Affirmative Action and Equal Employment Opportunity Policy Statement](https://cdn.openai.com/policies/eeo-policy-statement.pdf).

Background checks for applicants will be administered in accordance with applicable law, and qualified applicants with arrest or conviction records will be considered for employment consistent with those laws, including the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, for US-based candidates. For unincorporated Los Angeles County workers: we reasonably believe that criminal history may have a direct, adverse and negative relationship with the following job duties, potentially resulting in the withdrawal of a conditional offer of employment: protect computer hardware entrusted to you from theft, loss or damage; return all computer hardware in your possession (including the data contained therein) upon termination of employment or end of assignment; and maintain the confidentiality of proprietary, confidential, and non-public information. In addition, job duties require access to secure and protected information technology systems and related data security obligations.

To notify OpenAI that you believe this job posting is non-compliant, please submit a report through [this form](https://form.asana.com/?d=57018692298241&k=5MqR40fZd7jlxVUh5J-UeA). No response will be provided to inquiries unrelated to job posting compliance.

We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made via this [link](https://form.asana.com/?k=bQ7w9h3iexRlicUdWRiwvg&d=57018692298241).

[OpenAI Global Applicant Privacy Policy](https://cdn.openai.com/policies/global-employee-and-contractor-privacy-policy.pdf)

At OpenAI, we believe artificial intelligence has the potential to benefit society in countless ways, and we want to ensure that everyone has access to the resources they need to succeed. That’s why we’re committed to creating a workplace where everyone feels welcome, valued, and empowered to contribute their best work.

We strive to create a culture of inclusivity, diversity, and respect, where everyone feels comfortable sharing their ideas, perspectives, and experiences. We believe that our differences are what make us stronger, and we’re committed to fostering a workplace where everyone can thrive.

If you’re passionate about using AI to drive positive change and want to join a team that shares your values, we encourage you to apply for this role. Together, let’s build a brighter future for all.

XML job scraping automation by YubHub

This is a unique opportunity to shape how frontier AI models handle dual-use cybersecurity knowledge,balancing the tremendous potential of AI to advance legitimate security research and defensive capabilities while preventing misuse by malicious actors.

In this role, you will lead and grow a team of technical specialists focused on cyber threat modeling and evaluation frameworks. You will serve as the primary domain expert on cyber harms, advising cross-functional teams on threat landscapes and mitigation strategies.

You will collaborate closely with internal and external threat modeling experts to develop training data for safety systems, and with ML engineers to train these systems, optimizing for both robustness against adversarial attacks and low false-positive rates for legitimate security researchers.

You will also analyze safety system performance in traffic, identifying gaps and proposing improvements. You will conduct regular reviews of existing policies and enforcement systems to identify and address gaps and ambiguities related to cybersecurity risks.

You will develop rigorous stress-testing of safeguards against evolving cyber threats and product surfaces. You will partner with Research, Product, Policy, Security Team, and Frontier Red Team to ensure cybersecurity safety is embedded throughout the model development lifecycle.

You will translate cybersecurity domain knowledge into actionable safety requirements and clearly articulated policies. You will contribute to external communications, including model cards, blog posts, and policy documents related to cybersecurity safety.

You will monitor emerging technologies and threat landscapes for their potential to contribute to new risks and mitigation strategies, and strategically address these.

You will mentor and develop team members, fostering a culture of technical excellence and responsible AI development.

To be successful in this role, you will need to have:

• An M.S. or PhD in Computer Science, Cybersecurity, or a related technical field, OR equivalent professional experience in offensive or defensive cybersecurity
• 5+ years of hands-on experience in cybersecurity, with deep expertise in areas such as vulnerability research, exploit development, network security, malware analysis, or penetration testing
• 2+ years of experience managing technical teams or leading complex technical projects with multiple stakeholders
• Experience in scientific computing and data analysis, with proficiency in programming (Python preferred)
• Deep expertise in modern cybersecurity, including both offensive techniques (vulnerability research, exploit development, penetration testing, malware analysis) and defensive measures (detection, monitoring, incident response)
• Demonstrated ability to create threat models and translate technical cyber risks into policy frameworks
• Familiarity with responsible disclosure practices, vulnerability coordination, and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, CWE/CVE systems)
• Strong analytical and writing skills, with the ability to navigate ambiguity and explain complex technical concepts to non-technical stakeholders
• Experience developing policies or guidelines at scale, balancing safety concerns with enabling legitimate use cases
• A passion for learning new skills and an ability to rapidly adapt to changing techniques and technologies
• Comfort working in a fast-paced environment where priorities may shift as AI capabilities evolve
• Track record of translating specialized technical knowledge into actionable safety policies or enforcement guidelines

Preferred qualifications include:

• Background in AI/ML systems, particularly experience with large language models
• Experience developing ML-based security systems or adversarial ML research
• Experience working with defense, intelligence, or security organizations (e.g., NSA, CISA, national labs, security contractors)
• Published security research, disclosed vulnerabilities, or participated in bug bounty programs
• Understanding of Trust & Safety operations and content moderation at scale
• Certifications such as OSCP, OSCE, GXPN, or equivalent demonstrating technical depth
• Understanding of dual-use security research concerns and ethical considerations in AI safety

The annual compensation range for this role is $320,000-$405,000 USD.

XML job scraping automation by YubHub

You'll conduct hands-on penetration testing, lead red team engagements, and collaborate with blue team counterparts to validate and improve detection and response capabilities. Your work will directly influence how Stripe builds, ships, and secures financial infrastructure used by millions of businesses worldwide.

Responsibilities:

Conduct comprehensive penetration tests across web applications, APIs, cloud environments (AWS/GCP/Azure), mobile applications, and internal infrastructure.

Plan and execute red team engagements that emulate the TTPs of cyber and criminal threat actors targeting financial services, including initial access, lateral movement, persistence, and data exfiltration scenarios.

Perform assumed-breach and objective-based assessments to test detection and response capabilities in coordination with defensive teams.

Partner with detection engineering, threat intelligence, and incident response teams to validate security controls, identify coverage gaps, and improve detection fidelity.

Contribute adversary tradecraft insights to inform detection rule development, threat hunting hypotheses, and incident response playbooks.

Support incident investigations by providing offensive expertise, log analysis, and root cause analysis when required.

Design, develop, and maintain custom offensive tools, scripts, and automation frameworks to enhance assessment efficiency and coverage.

Build internal platforms and workflows that enable scalable, repeatable offensive operations.

Contribute to internal security tooling repositories and champion engineering best practices within the team.

Automate repetitive testing tasks, payload generation, and reporting workflows using modern development practices.

Produce clear, actionable reports that communicate technical findings, business risk, and remediation guidance to both technical and non-technical stakeholders.

Act as a subject-matter expert and primary point of contact for stakeholder teams engaged in offensive security programs and Stripe-wide security initiatives.

Lead offensive security projects end-to-end, mentor junior team members, and foster a culture of continuous learning and knowledge sharing.

Stay current with emerging threats, vulnerabilities, and attack techniques; share research internally and contribute to the broader security community.

XML job scraping automation by YubHub

In the last year, we've seen compelling signs that LLMs and agents are increasingly capable of novel cyber capabilities. We think 2026 will be the year where models reach expert-level, even superhuman, in several cybersecurity domains. This is a novel and massive threat surface.

As a Research Scientist on FRT focusing on cyber, you'll build the tools and frameworks needed to defend the world against advanced AI-enabled cyber threats. Senior candidates will have the opportunity to shape and grow Anthropic's cyberdefense research program, working with Security, Safeguards, Policy, and other partner teams.

This work sits at the intersection of AI capabilities research, cybersecurity, and policy,what we learn directly shapes how Anthropic and the world prepare for AI-enabled cyber threats. This is applied research with real-world stakes. Your work will inform decisions at the highest levels of the company, contribute to demonstrations that shape policy discourse, and build the technical defenses that we will need for a future of increasingly powerful AI systems.

Responsibilities

• Develop systems, tools, and frameworks for AI-empowered cybersecurity, such as autonomous vulnerability discovery and remediation, malware detection and management, network hardening, and pentesting
• Design and run experiments to elicit and evaluate autonomous AI cyber capabilities in realistic scenarios
• Design and build infrastructure for evaluating and enabling AI systems to operate in security environments
• Translate technical findings into compelling demonstrations and artifacts that inform policymakers and the public
• Collaborate with external experts in cybersecurity, national security, and AI safety to scope and validate research directions

Sample Projects

• Building frameworks and tools that enable AI models to autonomously find and patch vulnerabilities
• Running purple-team simulations where AI defenders compete against AI attackers in network environments
• Pointing autonomous AI systems at real-world security challenges (bug bounties, CTFs etc.) to characterize risks, defensive potential, and compare to human experts
• Building demonstrations of frontier AI cyber capabilities for policy stakeholders

You May Be a Good Fit If You

• Have deep expertise in cybersecurity or security research
• Are driven to find solutions to complex, high-stakes problems
• Have experience doing technical research with LLM-based agents or autonomous systems
• Have strong software engineering skills, particularly in Python
• Can own entire problems end-to-end, including both technical and non-technical components
• Design and run experiments quickly, iterating fast toward useful results
• Thrive in collaborative environments
• Care deeply about AI safety and want your work to have real-world impact on how humanity navigates advanced AI
• Are comfortable working on sensitive projects that require discretion and integrity
• Have proven ability to lead cross-functional security initiatives and navigate complex organizational dynamics

Strong Candidates May Also Have

• Experience with offensive security research, vulnerability research, or exploit development
• Research or professional experience applying LLMs to security problems
• Track record in competitive CTFs, bug bounties, or other security-related competitions
• Experience building security tools or automation
• Track record of building demos or prototypes that communicate complex technical ideas
• Experience working with external stakeholders (policymakers, government, researchers)
• Familiarity with AI safety research and threat modeling for advanced AI systems

Logistics

Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices. Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

How we're different

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact , advancing our long-term goals of steerable, trustworthy AI , rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions and workshops.

XML job scraping automation by YubHub

We are looking for a cybersecurity expert to lead our efforts to prevent AI misuse in the cyber domain. As a Cyber Harms Technical Policy Manager, you will lead a team applying deep technical expertise to inform the design of safety systems that detect harmful cyber behaviours and prevent misuse by sophisticated threat actors.

In this role, you will:

• Lead and grow a team of technical specialists focused on cyber threat modelling and evaluation frameworks
• Design and oversee execution of capability evaluations ('evals') to assess the cyber-relevant capabilities of new models
• Create comprehensive cyber threat models, including attack vectors, exploit chains, precursor identification, and weaponization techniques
• Develop and iterate on usage policies that govern responsible use of our models for emerging capabilities and use cases related to cyber harms
• Serve as the primary domain expert on cyber harms, advising cross-functional teams on threat landscapes and mitigation strategies
• Collaborate closely with internal and external threat modelling experts to develop training data for safety systems, and with ML engineers to train these systems, optimising for both robustness against adversarial attacks and low false-positive rates for legitimate security researchers
• Analyse safety system performance in traffic, identifying gaps and proposing improvements
• Conduct regular reviews of existing policies and enforcement systems to identify and address gaps and ambiguities related to cybersecurity risks
• Develop rigorous stress-testing of safeguards against evolving cyber threats and product surfaces
• Partner with Research, Product, Policy, Security Team, and Frontier Red Team to ensure cybersecurity safety is embedded throughout the model development lifecycle
• Translate cybersecurity domain knowledge into actionable safety requirements and clearly articulated policies
• Contribute to external communications, including model cards, blog posts, and policy documents related to cybersecurity safety
• Monitor emerging technologies and threat landscapes for their potential to contribute to new risks and mitigation strategies, and strategically address these
• Mentor and develop team members, fostering a culture of technical excellence and responsible AI development

You may be a good fit if you have:

• An M.S. or PhD in Computer Science, Cybersecurity, or a related technical field, OR equivalent professional experience in offensive or defensive cybersecurity
• 5+ years of hands-on experience in cybersecurity, with deep expertise in areas such as vulnerability research, exploit development, network security, malware analysis, or penetration testing
• 2+ years of experience managing technical teams or leading complex technical projects with multiple stakeholders
• Experience in scientific computing and data analysis, with proficiency in programming (Python preferred)
• Deep expertise in modern cybersecurity, including both offensive techniques (vulnerability research, exploit development, penetration testing, malware analysis) and defensive measures (detection, monitoring, incident response)
• Demonstrated ability to create threat models and translate technical cyber risks into policy frameworks
• Familiarity with responsible disclosure practices, vulnerability coordination, and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, CWE/CVE systems)
• Strong analytical and writing skills, with the ability to navigate ambiguity and explain complex technical concepts to non-technical stakeholders
• Experience developing policies or guidelines at scale, balancing safety concerns with enabling legitimate use cases
• A passion for learning new skills and an ability to rapidly adapt to changing techniques and technologies
• Comfort working in a fast-paced environment where priorities may shift as AI capabilities evolve
• Track record of translating specialised technical knowledge into actionable safety policies or enforcement guidelines

Preferred Qualifications:

• Background in AI/ML systems, particularly experience with large language models
• Experience developing ML-based security systems or adversarial ML research
• Experience working with defence, intelligence, or security organisations (e.g., NSA, CISA, national labs, security contractors)
• Published security research, disclosed vulnerabilities, or participated in bug bounty programs
• Understanding of Trust & Safety operations and content moderation at scale
• Certifications such as OSCP, OSCE, GXPN, or equivalent demonstrating technical depth
• Understanding of dual-use security research concerns and ethical considerations in AI safety

XML job scraping automation by YubHub

Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

About the Team

The Frontier Red Team (FRT) is a small, focused technical research team within Anthropic's Policy organization. Our goal is to make the entire world safer in an era of advanced AI by understanding what these systems can do and building the defenses that matter.

In 2026, we're focused on researching and ensuring safety with self-improving, highly autonomous AI systems, especially ones related to cyberphysical capabilities. See our previous related work on exploits, partnering with Mozilla, and zero days. This is early-stage, high-conviction research with the potential for outsized impact.

About the Role

In the last year, we've seen compelling signs that LLMs and agents are increasingly capable of novel cyber capabilities. We think 2026 will be the year where models reach expert-level, even superhuman, in several cybersecurity domains. This is a novel and massive threat surface.

As a Research Scientist on FRT focusing on cyber, you'll build the tools and frameworks needed to defend the world against advanced AI-enabled cyber threats. Senior candidates will have the opportunity to shape and grow Anthropic's cyberdefense research program, working with Security, Safeguards, Policy, and other partner teams. This work sits at the intersection of AI capabilities research, cybersecurity, and policy—what we learn directly shapes how Anthropic and the world prepare for AI-enabled cyber threats.

This is applied research with real-world stakes. Your work will inform decisions at the highest levels of the company, contribute to demonstrations that shape policy discourse, and build the technical defenses that we will need for a future of increasingly powerful AI systems.

What You'll Do

• Develop systems, tools, and frameworks for AI-empowered cybersecurity, such as autonomous vulnerability discovery and remediation, malware detection and management, network hardening, and pentesting

• Design and run experiments to elicit and evaluate autonomous AI cyber capabilities in realistic scenarios

• Design and build infrastructure for evaluating and enabling AI systems to operate in security environments

• Translate technical findings into compelling demonstrations and artifacts that inform policymakers and the public

• Collaborate with external experts in cybersecurity, national security, and AI safety to scope and validate research directions

Sample Projects

• Building frameworks and tools that enable AI models to autonomously find and patch vulnerabilities

• Running purple-team simulations where AI defenders compete against AI attackers in network environments

• Pointing autonomous AI systems at real-world security challenges (bug bounties, CTFs etc.) to characterize risks, defensive potential, and compare to human experts

• Building demonstrations of frontier AI cyber capabilities for policy stakeholders

You May Be a Good Fit If You

• Have deep expertise in cybersecurity or security research

• Are driven to find solutions to complex, high-stakes problems

• Have experience doing technical research with LLM-based agents or autonomous systems

• Have strong software engineering skills, particularly in Python

• Can own entire problems end-to-end, including both technical and non-technical components

• Design and run experiments quickly, iterating fast toward useful results

• Thrive in collaborative environments

• Care deeply about AI safety and want your work to have real-world impact on how humanity navigates advanced AI

• Are comfortable working on sensitive projects that require discretion and integrity

• Have proven ability to lead cross-functional security initiatives and navigate complex organizational dynamics

Strong Candidates May Also Have

• Experience with offensive security research, vulnerability research, or exploit development

• Research or professional experience applying LLMs to security problems

• Track record in competitive CTFs, bug bounties, or other security-related competitions

• Experience building security tools or automation

• Track record of building demos or prototypes that communicate complex technical ideas

• Experience working with external stakeholders (policymakers, government, researchers)

• Familiarity with AI safety research and threat modeling for advanced AI systems

Logistics

Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience. Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.

Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will

XML job scraping automation by YubHub