OpenAI

Software Engineer, Codex Security

OpenAI5 days ago
Location

San Francisco

Type

Full Time

Salary

USD 230,000 – 325,000

Level

Mid

Role

Full Stack Engineer

Posted

Jul 7, 2026

Full TimeMid

The role

Summary

Join OpenAI's Codex Cyber team to build AI-native application security products that help organizations discover, validate, and remediate real vulnerabilities in software systems. This full-stack role combines product development, backend services, cloud infrastructure, and security analysis pipelines to create the next generation of intelligent vulnerability detection and remediation tools. You'll work as a high-agency software engineer with strong fundamentals across multiple domains, translating complex security research and AI capabilities into intuitive workflows for technical users in a fast-moving, early-stage team.

What you'll do

Build end-to-end product features across the full stack: Design and implement complete features for Codex Security spanning user-facing interfaces, REST APIs, backend services, and workflow tooling. Own the full journey from concept through production deployment, ensuring cohesive experiences that integrate model outputs with security analysis and developer workflows.
Own ambiguous 0-to-1 projects and platform initiatives: Take ownership of greenfield projects across product pods, platform security controls, customer deployment workflows, and cyber model infrastructure. Navigate unclear requirements and translate them into crisp, scalable systems that advance OpenAI's security platform capabilities.
Translate security research into intuitive developer workflows: Partner with security researchers and ML teams to surface complex model capabilities through interfaces that help teams find, validate, prioritize, and remediate vulnerabilities with high signal. Make advanced security analysis understandable and actionable for technical users.
Design scalable systems for enterprise-grade security analysis: Architect observable, performant systems capable of executing long-running security analyses across large codebases and complex enterprise environments. Build infrastructure that scales analysis capabilities while maintaining reliability and data integrity.
Collaborate across engineering, product, research, and infrastructure teams: Work closely with product managers, security researchers, infrastructure engineers, and customer-facing partners to iterate rapidly based on real-world feedback. Shape technical direction and architecture decisions as the Codex Cyber product surface grows.
Build developer tools and internal platforms: Create infrastructure, internal tooling, and platform controls that help security researchers and AI models improve over time. Ensure Codex Cyber operates safely and reliably while enabling rapid iteration on product features.

What we look for

Technical

Full-stack software engineering fundamentalsStrong grasp of software design principles, system architecture, and the ability to work effectively across product interfaces, backend services, databases, and infrastructure layers. Demonstrated experience building production systems with attention to reliability, observability, and maintainability.
API and service designProficiency designing and implementing well-architected REST APIs and backend services. Experience with API versioning, authentication, rate limiting, and creating interfaces that are intuitive for developer consumption.
Cloud infrastructure and deploymentPractical experience with cloud platforms and containerized deployments. Comfortable with infrastructure-as-code, observability tools, monitoring, and scaling applications to handle enterprise workloads.
Data persistence and query optimizationUnderstanding of relational and non-relational database design, query optimization, and data modeling. Ability to design schemas and access patterns that support complex analytical and operational workflows.
Product-minded development approachAbility to translate ambiguous product and user requirements into technical specifications. Strong product instincts paired with the ability to collaborate closely with product teams to validate decisions against real user needs.

Education

Bachelor's degree in Computer Science or related field (or equivalentFormal education in computer science, software engineering, mathematics, or a closely related discipline. Equivalent professional experience demonstrating mastery of computer science fundamentals will be considered.

Experience

5+ years of full-stack software developmentSubstantial experience building production software systems across multiple layers of the stack. Demonstrated ability to own projects end-to-end, ship features to users, and iterate based on feedback.
Experience with developer tools or platformsTrack record building developer-facing tools, APIs, workflow platforms, or internal infrastructure. Understanding of how to design systems that technical users find intuitive and reliable.
Application security or security product experience (preferred)Background in application security, product security, vulnerability research, defensive security, identity systems, SSO, or secure developer workflows. This is valuable context but not required if you have strong product and platform engineering instincts.
Ownership and autonomy in early-stage settingsDemonstrated success in fast-moving, ambiguous environments. Ability to take high-agency ownership, make reasonable technical decisions with incomplete information, and move projects from concept through production.

Skills

Required skills

Python or GoStrong proficiency in Python or Go for backend service development, data processing, and systems programming. These languages are common in security tooling and AI infrastructure.
TypeScript/JavaScriptExperience building user-facing web applications with TypeScript or JavaScript. Ability to work with modern frontend frameworks and create responsive, accessible user interfaces.
SQLProficiency writing and optimizing SQL queries, designing normalized schemas, and understanding query performance analysis and indexing strategies.
System design and architectureAbility to reason about scalability, reliability, and observability when designing systems. Experience with tradeoffs between different architectural approaches (microservices vs monoliths, synchronous vs asynchronous processing, etc.).
Version control and development workflowsFluency with Git, code review practices, and collaborative development workflows. Ability to write clear commit messages and participate constructively in technical discussions.
Testing and observabilityExperience writing unit tests, integration tests, and setting up monitoring/alerting. Understanding of debugging production systems and instrumenting code for observability.

Nice to have

Application security fundamentalsFamiliarity with OWASP Top 10, secure coding practices, common vulnerability types (XSS, SQL injection, CSRF, etc.), and threat modeling. Helpful context but learnable on the job.
Machine learning systems experienceBackground working with ML/AI systems, model serving infrastructure, or ML data pipelines. Valuable for understanding how to integrate model outputs with production systems.
Kubernetes or container orchestrationExperience deploying and managing containerized applications at scale. Understanding of container networking, resource management, and orchestration patterns.
Distributed systems and async processingExperience with message queues, event-driven architectures, long-running job processing, or distributed tracing. Relevant for scaling security analysis pipelines.
Security analysis or static/dynamic analysis toolsFamiliarity with SAST, DAST, or other security analysis tools. Understanding of how vulnerability detection and remediation workflows function in practice.
Monitoring and observability platformsExperience with observability stacks (Prometheus, Datadog, Splunk, etc.), structured logging, distributed tracing, and incident response tooling.

Compensation & benefits

Salary

USD 230,000 – 325,000 (annual)

Stock options

Available

Benefits

Comprehensive health coverage

Medical, dental, and vision insurance plans with OpenAI covering a significant portion of premiums for you and your family members.

Retirement savings plan

401(k) plan with employer matching to support your long-term financial planning and retirement security.

Generous paid time off

Competitive vacation policy, paid sick leave, and company holidays enabling work-life balance and personal wellness.

Parental leave

Paid parental leave for new parents, supporting family planning and providing flexibility during significant life transitions.

Equity compensation

Competitive stock options or equity grants as part of your total compensation, allowing you to participate in OpenAI's long-term success.

Professional development and learning

Opportunities to attend conferences, pursue certifications, and invest in continuous learning to advance your skills in AI, security, and software engineering.

Mental health and wellness support

Access to mental health resources, wellness programs, and employee assistance programs supporting overall wellbeing.

Flexible work arrangements

Opportunities for remote work flexibility and collaborative in-office environments based on role and team requirements.


Interview process

  1. 1
    Initial screening conversation 30-minute call with a recruiter covering your background, experience with full-stack development, familiarity with security concepts, and your interest in the Codex Cyber mission. This is an informal opportunity to learn about the role and determine cultural fit.
  2. 2
    Technical phone interview 60-minute conversation with a senior engineer from the Codex team. Expect questions around system design, your experience building scalable backend services, API design principles, and how you approach ambiguous technical problems. You may be asked to discuss past projects where you owned complex features end-to-end.
  3. 3
    Product and design thinking assessment Collaborative discussion evaluating your product instincts and ability to think through user needs. You may be given a scenario related to security workflows or vulnerability remediation and asked how you would approach building a feature to address it.
  4. 4
    Full-stack technical depth assessment 90-minute coding interview assessing your ability to write clean, well-structured code across different domains (frontend logic, backend service implementation, SQL queries). You may be asked to build a small prototype or solve problems spanning multiple layers of an application stack.
  5. 5
    Infrastructure and systems design session Deep-dive conversation with infrastructure or platform engineers about designing systems for scale. Discussion of how you would architect components for long-running security analyses, handle eventual consistency, design for observability, and scale to enterprise customers.
  6. 6
    Team and collaboration conversations Meetings with future team members and cross-functional partners (product, security research, infrastructure) to assess collaboration style, communication clarity, and ability to work effectively across disciplines in a fast-moving environment.
  7. 7
    Final leadership conversation 30-45 minute conversation with the team lead or engineering manager covering your long-term career interests, how you think about technical leadership and mentorship, your vision for the Codex Cyber platform, and any final questions about OpenAI's culture and mission.

Apply for this position

You'll be redirected to the company's application page


OpenAI

OpenAI

View all jobs

OpenAI is an American artificial intelligence research organization developing advanced AI models like GPT. Focused on ensuring AI benefits humanity, it creates tools for natural language processing and generative AI applications.

San Francisco, California, United StatesFounded 2015openai.com

Tech Stack

Languages
PythonTypeScript/JavaScriptGoSQL
Frameworks
React or Vue.jsFastAPI or FlaskNext.js or similar full-stack frameworks
Databases
PostgreSQLRedisVector databases (e.g., Pinecone, Weaviate)
Tools
Docker and container registryKubernetesCloud platforms (AWS, GCP)Git and GitHubMonitoring and logging (Datadog, Prometheus, ELK)
Other
REST API design and OpenAPI/SwaggerSecurity scanning and SAST toolsCI/CD pipelines (GitHub Actions, Jenkins)Async job processing and worker systems

Interview Guides

5 guides available for OpenAI

Apply Now