Systems Software Engineer, Security, First Party Hardware

About the Team

OpenAIs Hardware organization develops silicon systems and platform infrastructure designed for the unique demands of advanced AI workloads. The First-Party Hardware team works across accelerators servers racks firmware manufacturing deployment and operations to build AI-native compute systems for OpenAIs supercomputing infrastructure. Security is a foundational property of these systems spanning how devices are designed provisioned enrolled operated serviced and retired.

About the Role

Were seeking a Security Engineer to join our First-Party Hardware this role you will own the end-to-end security foundation for OpenAIs first-party AI hardware systems working across hardware security embedded security system security and practical deployment at data center scale.

You will partner with silicon hardware firmware infrastructure manufacturing operations and security teams to define and deliver system-level device trust. This includes boot integrity device identity provisioning attestation management-plane security storage encryption debug controls firmware update and recovery RMA and decommissioning. You will be accountable for turning threat models into requirements requirements into implementation and implementation into validation evidence that can support launch decisions.

Location: San Francisco CA (Hybrid: 3 days/week onsite)

Relocation assistance available.

In this role you will:

• Own security requirements threat models validation strategy and launch-readiness evidence for first-party hardware platforms from early design through production deployment.

• Design and review secure boot measured boot roots of trust platform firmware resilience firmware signing recovery and anti-rollback strategies across heterogeneous devices.

• Own device identity provisioning enrollment attestation certificate lifecycle and key-management requirements across manufacturing and data center bring-up.

• Harden management interfaces and operational access paths across BMCs hosts accelerators switches and service tooling including TLS/mTLS Redfish gNMI SSH syslog and break-glass workflows.

• Drive security requirements for manufacturing supply chain firmware/image signing storage encryption RMA repair and decommissioning processes.

• Build and drive validation for security-critical hardware and firmware behavior including debug lockout lifecycle transitions update paths attestation evidence and recovery flows.

• Partner with vendors and contract manufacturers to turn security requirements into concrete deliverables test evidence and launch gates.

• Drive end-to-end closure across design implementation manufacturing readiness deployment readiness fleet operations and incident response when security issues arise.

• Investigate hardware and firmware security issues assess exploitability and operational risk and drive durable fixes with engineering owners.

You might thrive in this role if you have:

• 7 years of hands-on experience or exceptional accomplishments demonstrating equivalent expertise in hardware security embedded security firmware security platform security or low-level systems security.

• Experience shipping or securing real hardware platforms embedded devices servers accelerators networking systems BMCs bootloaders BIOS/UEFI RTOS kernels or firmware update systems.

• Deep familiarity with secure boot measured boot TPMs hardware roots of trust device attestation key provisioning debug interfaces firmware signing recovery or lifecycle-state design.

• Strong applied-cryptography judgment for secure boot attestation TLS/mTLS key storage certificate lifecycle storage encryption and long-range transitions such as post-quantum readiness.

• Ability to read and write systems code in C C or Rust and to use that skill to review prototype test or debug security-critical behavior.

• Comfort with hardware-software interfaces such as SPI I2C SMBus PCIe UART JTAG SWD GPIOs TPMs and board-level debug tools.

• Proven track record driving security improvements with hardware firmware infrastructure manufacturing operations and partner teams.

• Experience owning broad ambiguous security programs end to end including translating risk into technical requirements validation plans and accountable engineering decisions.

• Clear written and verbal communication with the ability to turn ambiguous security risks into actionable requirements design reviews tests and decisions.

To comply with U.S. export control laws and regulations candidates for this role may need to meet certain legal status requirements as provided in those laws and regulations.

About OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core and to achieve our mission we must encompass and value the many different perspectives voices and experiences that form the full spectrum of humanity.

We are an equal opportunity employer and we do not discriminate on the basis of race religion color national origin sex sexual orientation age veteran status disability genetic information or other applicable legally protected characteristic.

For additional information please see OpenAIs Affirmative Action and Equal Employment Opportunity Policy Statement.

Background checks for applicants will be administered in accordance with applicable law and qualified applicants with arrest or conviction records will be considered for employment consistent with those laws including the San Francisco Fair Chance Ordinance the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act for US-based candidates. For unincorporated Los Angeles County workers: we reasonably believe that criminal history may have a direct adverse and negative relationship with the following job duties potentially resulting in the withdrawal of a conditional offer of employment: protect computer hardware entrusted to you from theft loss or damage; return all computer hardware in your possession (including the data contained therein) upon termination of employment or end of assignment; and maintain the confidentiality of proprietary confidential and non-public addition job duties require access to secure and protected information technology systems and related data security obligations.

To notify OpenAI that you believe this job posting is non-compliant please submit a report through this form. No response will be provided to inquiries unrelated to job posting compliance.

We are committed to providing reasonable accommodations to applicants with disabilities and requests can be made via this link.

OpenAI Global Applicant Privacy Policy

At OpenAI we believe artificial intelligence has the potential to help people solve immense global challenges and we want the upside of AI to be widely shared. Join us in shaping the future of technology.

Required Experience:

IC