Offensive Security Engineer
About the role
The Offensive Security Engineer plays a crucial role in ensuring the security, resilience, and compliance of both internal and external systems at CoreWeave. This role involves leading efforts to identify and mitigate security risks, performing penetration testing, conducting threat modeling, and providing guidance to engineering teams on secure design and best practices. Additionally, this role involves developing security tooling, researching emerging threats, and contributing to the continuous improvement of CoreWeave’s overall security posture.
Responsibilities
- Perform penetration testing as well as purple and red team exercises.
- Conduct threat modeling, code reviews, and design reviews for development teams.
- Research new attack techniques and develop strategies to counter them.
- Develop and enforce security best practices and standards, maintaining internal compliance.
- Provide solutions to complex security issues, manage multiple tasks, and prioritize effectively in a fast-paced environment.
- Present technical security information to both technical and non-technical audiences.
- Maintain technical documentation, reports, and security tooling with attention to detail.
- Participate in other security-related initiatives as assigned.
Requirements
- 5+ years of experience in offensive information security roles.
- Proficiency in at least one programming or scripting language (e.g., Go, Python, C/C++) for automation, code reviews, and tooling.
- Bachelor’s degree in Computer Science or related field.
- Hands-on penetration testing experience and familiarity with offensive security tools.
- Strong technical knowledge of Linux operating systems and containerized environments.
- Experience securing Kubernetes and understanding related security practices.
- Able to navigate ambiguity, identify root causes, and solve complex security problems.
- Excellent written and verbal communication skills with strong technical documentation abilities.
- Capable of working independently while managing multiple priorities in a fast-paced environment.
- Strong desire to continuously learn and adopt new technologies and security techniques.
Preferred Experience
- With firmware reverse engineering, analyzing binaries, bootloaders, and embedded systems for vulnerabilities.
- Relevant certifications such as Sec+, Net+, OSCP, or equivalent.
- Experience with EDR tuning, detections-as-code, or threat hunting as part of a Blue Team.
- Deep understanding of business-wide security best practices and implementation strategies.
Benefits
CoreWeave offers a comprehensive benefits program including medical, dental, and vision insurance, company-paid life insurance, short and long-term disability insurance, a flexible spending account, a health savings account, tuition reimbursement, a mental wellness benefit through Spring Health, family-forming support provided by Carrot, paid parental leave, flexible childcare support with Kinside, a 401(k) with a generous employer match, an employee stock purchase program (ESPP), catered lunch each day in our office and data center locations, a casual work environment, and a work culture focused on innovative disruption. The base salary range for this role is $165,000 to $242,000, with the starting salary determined based on job-related knowledge, skills, experience, and market location.