Windows Security Engineer

5+ years experience and expert knowledge with Windows internals, configuration management, security hardening, and advanced security features.
Expert-level security experience in protecting and managing Microsoft Active Directory and Azure Active Directory, including Conditional Access Policies.
Hands-on experience with large-scale Windows fleet administration including device provisioning, management, and maintenance.
Credential protection methods (Credential Guard, LSASS isolation, virtualization-based security)
Proficiency with deploying and managing endpoint baselines, security solutions (e.g. management frameworks, EDR tools), and event log collection (e.g., Windows Event Forwarding or similar).
Experience managing configuration as code.
Experience with public cloud service providers (Microsoft Azure preferred).
Proficiency with Powershell and scripting languages (e.g. Bash, Python, or similar).
Deep knowledge of modern adversary tactics, techniques, and procedures, and experience with threat modeling.
The ability to empathize and collaborate with colleagues, independently manage and run projects, and prioritize efforts for risk reduction.

Lead the strategy and implementation of the security stack for Windows across our fleet, including developer systems, Azure Virtual Desktops, servers, and specialized employee systems.
Lead threat-modeling initiatives to continuously improve the security of the Windows platform across OpenAI, including cloud-native, hybrid, and on-premises environments.
Closely collaborate with OpenAI’s Windows-facing product teams to ensure security best practices are baked into both developer systems and the software they produce.
Implement the strongest controls available in the Windows ecosystem, including passwordless authentication, attack surface reduction (e.g., application allowlisting), code integrity, and virtualization-based security.
Influence security for our overall authentication and authorization strategy by implementing Azure conditional access policies, Intune policies, and improving the security of native Azure services.
Ensure the continuous health and sufficiency of security telemetry from and alert coverage for our Windows fleet.
Improve employee experience through operating system, process, and performance improvements.
Research adversary tradecraft and implement Windows security detections to protect OpenAI, its users, and its technology.