About The Position

OpenAI's Cyber team is focused on making frontier AI safe, trusted, and transformative. This role specifically involves building the security foundation for Codex, including native controls for access and actions, and interfaces for customers and security partners to inspect, constrain, approve, and respond to Codex activity. The goal is to ensure Codex is secure by default, governable by enterprises, and interoperable with existing security products. This position is for a deeply technical Product Manager to help build these security controls and the surrounding partner ecosystem.

Requirements

  • Deeply technical Product Manager experience.
  • Experience building enterprise security, developer-platform, infrastructure, or control-plane products.
  • Understanding of identity, authorization, sandboxing, secrets, tool use, APIs, and audit systems.
  • Ability to think in terms of trust boundaries, failure modes, and abuse paths.
  • Ability to balance security, developer productivity, latency, reliability, and customer control.
  • Experience building integrations across complex enterprise systems or partner ecosystems.
  • Ability to turn conflicting partner requirements into a coherent platform.
  • Ability to communicate credibly with developers, security architects, CISOs, researchers, and partner product teams.
  • Focus on measurable security outcomes and real adoption.

Nice To Haves

  • Experience in application security, identity, cloud security, data security, source control, CI/CD, SIEM, or enterprise governance.
  • Familiarity with RBAC, ABAC, policy-as-code, OAuth, OIDC, workload identity, or secrets management.
  • Experience with AI agents, MCP, sandboxed execution, prompt-injection defenses, or agent-security evaluations.
  • Experience building SDKs, developer platforms, integration marketplaces, or certification programs.

Responsibilities

  • Build native security controls for Codex, including identity, roles, permissions, tenant isolation, access to various resources (repositories, files, tools, secrets, networks, infrastructure), execution authority, human and policy-based approvals, and defenses against prompt-injection and untrusted content.
  • Establish a graduated authority model for actions based on risk.
  • Define common, versioned interfaces for customer-selected security products to participate in Codex workflows, supporting context sharing, inspection, decision-making, telemetry export, and response actions.
  • Define clear requirements for these interfaces, including authentication, authorization, consent, data minimization, latency, and compatibility.
  • Build the partner ecosystem by working with security vendors and design partners to create integrations, SDKs, documentation, test environments, and certification requirements.
  • Prioritize partners based on customer value, technical relevance, and platform contribution.
  • Shape the customer experience by defining how enterprise administrators configure and understand security controls, including policies, approved providers, approval requirements, and audit workflows.
  • Ensure developers receive clear explanations for blocked actions.
  • Establish evaluation and launch gates with security, safety, research, and engineering teams to test controls under realistic and adversarial conditions.
  • Evaluate risks such as permission bypass, prompt injection, secret exposure, and partner outages.
  • Help determine readiness for broader deployment of new Codex capabilities.

Benefits

  • Equal opportunity employer
  • Commitment to reasonable accommodations for applicants with disabilities
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service