TLM, Codex Security

TLM, Codex Security About the Team: Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. Codex Security is OpenAI’s first security agent, built to scan source code repositories, validate real vulnerabilities, and integrate with Codex to help generate fixes. About the Role: We’re looking for a Technical Lead Manager (TLM) to lead the Codex Security team. In this role, you will own the technical direction of the product, lead a team of engineers and researchers building agentic security systems, and work closely with customers adopting Codex security. This role blends technical leadership, product thinking, and security expertise. You’ll guide the development of AI-driven security research capabilities while ensuring the system delivers real value to organizations securing large-scale codebases. What you’ll do: - Lead and grow a team building Codex Security, OpenAI’s agentic security researcher. - Set the technical direction for systems that analyze large codebases, surfacing higher-confidence findings and automatically generate fixes. - Design architectures for agent-based security workflows combining LLM reasoning, source code analysis, and developer tooling. - Work closely with product, research, and GTM teams to shape Codex Security’s roadmap and enterprise adoption. - Partner with enterprise customers to understand real-world security challenges and ensure Codex Security solves them effectively. - Drive high engineering standards across reliability, security, and performance. - Translate advances in AI agents into practical tools for developers and security teams. You may thrive if you: - Have led engineering teams building complex technical systems, ideally in security, developer tooling, or AI. - Have strong technical depth in software engineering, distributed systems, or application security. - Are comfortable working across product, research, and customer-facing workstreams. - Enjoy translating ambiguous problems into concrete technical systems. - Are excited about applying AI agents to real-world security problems. - Can balance long-term technical vision with rapid iteration on a product used by customers. - Communicate clearly with both engineers and enterprise stakeholders. Goals & impact - Development of high-confidence vulnerability discovery and automated patch generation system across millions of repos, significantly reducing false positives and enabling engineering teams to ship secure code faster while minimizing triage overhead - Outcomes include: more resilient AI architectures, reduced exploit windows, and better-targeted security R&D investments across enterprises and consumers Key technical challenges - High-precision security detection at scale: Designing pipelines that scan millions of commits while maintaining a high signal-to-noise ratio—minimizing false positives and over-reported severity while still catching rare but critical vulnerabilities. - Context-aware threat modeling: Automatically constructing and evolving project-specific threat models that capture system trust boundaries, assets, and attack surfaces, and using them to guide vulnerability discovery and prioritization. - Automated vulnerability validation: Building sandboxed environments and validation workflows that can reproduce and pressure-test potential vulnerabilities to distinguish real exploits from speculative findings. - Automated patch generation with minimal regressions: Generating secure, context-aware code fixes that align with system intent and surrounding logic, ensuring patches improve security without breaking functionality. - Operating large-scale security agents: Running agentic security workflows across millions of commits and repositories while maintaining reliability, performance, and cost efficiency. - Human–AI security collaboration: Designing feedback loops where developer input (e.g., severity adjustments and tria ... (truncated, view full listing at source)