OpenAI· Security· San Francisco and Seattle
Security Engineer, Host Assurance
Comp$293K – $385K
Classified Tasks (23)
Automate 0%Augment 65%Human-Only 35%
Augment (15)
AI assists, human decides
Design, build, and operate components of the Host Assurance platform to establish trust in bare-metal hosts before they are eligible for production use
technical
Ensure hosts are verifiably trustworthy from delivery and installation through secure bootstrap and readiness to join orchestration systems
operational
Build systems for machine identity management
technical
Implement certificate issuance and enrollment systems
technical
Build HSM-backed or key-management-backed trust services
technical
Implement host attestation systems
technical
Develop measurement and baseline verification tooling
technical
Detect and manage hardware and firmware drift continuously over time
operational
Eliminate insecure bootstrap patterns while preserving deployment throughput and operational reliability
technical
Contribute code to foundational trust services
technical
Perform code reviews for foundational trust services
technical
Implement operational improvements for foundational trust services to ensure dependability at scale
operational
Define observable, testable security properties for host platforms
analytical
Improve telemetry and validation needed to enforce host security properties in practice
technical
Implement post-incident improvements for security-critical infrastructure
operational
Human-Only (8)
Requires human judgment
Validate delivered hardware and firmware against vendor claims
analytical
Partner with provisioning, fleet, and orchestration teams to deliver paved secure deployment paths
leadership
Provide design guidance for foundational trust services
leadership
Participate in incident response for security-critical infrastructure
operational
Debug security-critical infrastructure incidents
technical
Work across different deployment models and provider boundaries while maintaining a consistent bar for host trust outcomes
leadership
Partner closely with infrastructure, research, and confidential computing initiatives to integrate secure host assurance for novel hardware platforms and emerging deployment models
leadership
Operate at the trust boundary between physical hardware and cloud-scale orchestration to ensure hosts can safely run workloads with predictable security properties and auditability
operational
Job description
Security Engineer, Host Assurance | OpenAI Careers ## Security Engineer, Host Assurance Security - San Francisco and Seattle Apply now(opens in a new window) **About the Team** Security is foundational to OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. The Security organization protects OpenAI’s technology, people, and products by building and operating deeply technical systems that must work reliably at massive scale. Our work underpins OpenAI’s commitments around safety, privacy, and security across research, products, and emerging platforms. The Host Assurance team exists to make bare metal a dependable, scalable foundation for OpenAI: secure by default, verifiable in practice, and resilient across providers and operating models. We operate at the trust boundary between physical hardware and cloud-scale orchestration, ensuring that hosts are eligible to safely run workloads with predictable security properties and auditability. **About the Role** OpenAI is seeking a **Security Engineer, Host Assurance** to help build the trust foundations for bare-metal platforms across OpenAI’s global infrastructure. This is a deeply hands-on engineering role for a builder who can design, implement, and operate the core security infrastructure that establishes trust in hardware platforms before they are eligible to run workloads. Success in this role requires strong technical judgment, the ability to work comfortably at low levels of the stack, and a practical mindset for building systems that are secure, reliable, and usable in fast-moving production environments. The systems you build will sit on the critical path of OpenAI’s frontier infrastructure investments and will directly shape how large amounts of compute are brought online - securely, responsibly, and at global scale - underpinning long-lived commitments around privacy, security, and reliability. You will partner closely with infrastructure, research, and confidential computing initiatives—including novel hardware platforms and emerging deployment models– to make the secure path the easiest path. This role is well suited for engineers who enjoy working across trust services, operating systems, hardware and firmware validation, and infrastructure security, and who are excited by ambiguous, high-impact problems at the boundary of hardware and large-scale systems. **In this role, you will:** * Design, build, and operate components of the Host Assurance platform that establish trust in bare-metal hosts before they are eligible for production use. * Help ensure hosts are verifiably trustworthy from delivery and installation through secure bootstrap and readiness to join orchestration systems. * Build and improve systems such as machine identity, certificate issuance and enrollment, HSM-backed or key-management-backed trust services, host attestation, measurement, and baseline verification tooling. * Validate delivered hardware and firmware against vendor claims and continuously detect and manage drift over time. * Eliminate insecure bootstrap patterns while preserving deployment throughput and operational reliability. Partner with provisioning, fleet, and orchestration teams to deliver paved paths where the secure approach is the easiest approach. * Contribute code, reviews, operational improvements, and design guidance for foundational trust services that must be dependable at scale. * Help define observable, testable security properties for host platforms and improve the telemetry and validation needed to enforce them in practice. * Participate in incident response, debugging, and post-incident improvements for security-critical infrastructure. * Work across different deployment models and provider boundaries while maintaining a consistent bar for host trust outcomes. **You might thrive in this role if you:** * Have strong software engineering experience building and operating reliable