Technical Threat Investigator, Threat Intel Engineering

OpenAI
San Francisco, CA
Remote

About The Position

As a Technical Threat Investigator at OpenAI, you will help protect the company from sophisticated adversaries targeting OpenAI and the broader ecosystem, as well as those attempting to misuse our models in support of cyber operations. This is a deeply investigative role. You will independently conduct complex, end-to-end investigations into capable threat actors to understand their behavior, infrastructure, emerging techniques, and how AI is integrated into their workflows. You’ll use these insights to proactively identify malicious activity and drive detection, disruption, enforcement, and safety improvements across the company. You’ll translate your investigative findings into durable solutions that scale impact. You’ll build and own lightweight tooling, automate where it matters, and create AI-assisted workflows to make investigations faster, more repeatable, and more effective over time.

Requirements

  • Experience in threat intelligence, incident response, offensive security, or a closely related field.
  • Solid experience investigating sophisticated threat actors, including model misuse, platform abuse, or other adversarial activity in complex environments.
  • A strong understanding of adversary behavior, infrastructure, and tradecraft, and the ability to apply that understanding to proactive investigations.
  • Demonstrated ability to independently drive deep technical investigations from ambiguous signals through to clear, actionable findings.
  • Experience using AI to extend or accelerate investigative workflows.
  • Strong scripting ability and comfort building lightweight automation, investigative tooling, or workflows that improve scale and repeatability.
  • Strong ability to leverage telemetry from diverse systems and vendors to drive investigations, including directly querying, extracting, and stitching together data where needed.
  • Strong written and verbal communication skills, especially the ability to translate technical investigations into high-signal outputs for diverse stakeholders.
  • Comfort operating independently in ambiguous, fast-moving problem spaces with minimal oversight.

Responsibilities

  • Conduct deep, end-to-end investigations into sophisticated threat actors interacting with OpenAI’s models, products, and broader ecosystem.
  • Think like an adversary — model attacker behavior, anticipate misuse patterns, and proactively hunt for, identify, and disrupt malicious activity.
  • Leverage internal telemetry, OSINT, vendor data, and in-house safety systems to produce high-confidence findings on adversarial use of our models in cyber operations, platform abuse, and threats targeting OpenAI.
  • Translate investigative findings into concrete improvements across detection, enforcement, intel, and safety pipelines.
  • Build tooling, scripts, automations, and agentic workflows that scale investigative throughput and reduce manual effort.
  • Prototype solutions in ambiguous and emerging problem spaces, including new product surfaces, novel attacker behaviors, and areas where existing coverage may be limited.
  • Partner closely with teams across Security, Safety Systems, Product Policy, and Integrity to operationalize findings and drive meaningful outcomes.
  • Produce clear, high-signal written outputs and recommendations that inform decision-making across technical and executive stakeholders.

Benefits

  • Relocation assistance is available for candidates who wish to relocate to SF.

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

No Education Listed

Number of Employees

1-10 employees
