Senior Security Engineer, Enterprise Security
About the role
The Enterprise Security team at CoreWeave is responsible for securing the company's workforce and enterprise stack. This team owns the controls, guardrails, and automation that keep the workforce, contractors, and critical business applications protected in a modern, cloud-native environment.
Responsibilities
- Design and ship the security controls that underpin CoreWeave’s workforce and enterprise stack.
- Lead initiatives across identity, access management, device and endpoint security, and SaaS security—partnering closely with IT Engineering, Endpoint, Network, and other security teams.
- Blend hands-on engineering (writing code, building integrations, tuning controls) with architecture and program ownership (setting standards, defining patterns, and driving adoption across teams).
- Turn high-level objectives—like “implement zero trust for workforce access” or “deploy phishing-resistant MFA at scale”—into concrete designs, automation, and measurable risk reduction.
- Engineer modern identity and access controls.
- Develop and roll out phishing-resistant MFA for high-value accounts and critical access paths (e.g., FIDO2/WebAuthn, hardware keys, device-bound authenticators).
- Define and maintain RBAC/IAM patterns for enterprise applications (role models, groups, entitlements, JIT access, and approvals).
- Implement zero trust for workforce and enterprise access.
- Evaluate, onboard, and harden SaaS applications (Google Workspace, Microsoft 365, Slack, HRIS, ticketing, and other business apps) to align with enterprise security policies.
- Harden endpoints and the extended workforce.
- Support investigations and incident response related to identity, endpoint, and SaaS domains.
- Automate and instrument everything you can.
- Partner on detection, response, and governance.
Requirements
- 5+ years of experience in enterprise security, identity and access management, or closely related security engineering roles.
- Strong, practical understanding of modern IAM concepts: SSO, federation, RBAC/ABAC, JIT access, least privilege, and separation of duties.
- Hands-on experience implementing and operating SSO and workforce identity with platforms such as Okta, Entra ID, or equivalent IdPs.
- Deep familiarity with SAML, OAuth 2.0/OIDC, and SCIM, including real-world experience integrating these protocols with third-party SaaS and internal apps.
- Demonstrated experience designing and rolling out MFA, ideally including phishing-resistant approaches (FIDO2/WebAuthn, hardware security keys, device-bound authenticators, step-up authentication).
- Experience designing and deploying zero trust or context-aware access controls (e.g., device trust, network segmentation, mTLS, ZTNA) in hybrid or remote-friendly environments.
- Proficiency in at least one modern scripting or programming language (e.g., Python, Go) used to build automations, integrations, or internal tooling.
- Experience securing and integrating business-critical SaaS (e.g., Google Workspace, Microsoft 365, Slack, Atlassian, HRIS, ticketing) including SCIM provisioning, access reviews, and audit log ingestion.
- Familiarity with MDM and endpoint security tooling (e.g., Jamf, Intune, EDR platforms) and how they tie into identity and access decisions.
- Familiarity with enterprise security standards and frameworks (e.g., SOC 2, ISO 27001, NIST 800-53) and mapping enterprise controls to these requirements.
- Experience with SaaS security posture management (SSPM), CASB, DLP, or insider risk tooling focused on collaboration platforms and data access.
- Experience building or contributing to internal security tooling (e.g., access review automation, JML workflows, policy-as-code).
- Participation in security communities, standards groups, or open-source contributions in IAM, zero trust, or enterprise security.
Qualifications
Minimum Qualifications:
- 5+ years of experience in enterprise security, identity and access management, or closely related security engineering roles.
- A strong, practical understanding of modern IAM concepts: SSO, federation, RBAC/ABAC, JIT access, least privilege, and separation of duties.
- Hands-on experience implementing and operating SSO and workforce identity with platforms such as Okta, Entra ID, or equivalent IdPs.
- Deep familiarity with SAML, OAuth 2.0/OIDC, and SCIM, including real-world experience integrating these protocols with third-party SaaS and internal apps.
- Demonstrated experience designing and rolling out MFA, ideally including phishing-resistant approaches (FIDO2/WebAuthn, hardware security keys, device-bound authenticators, step-up authentication).
- Experience designing and deploying zero trust or context-aware access controls (e.g., device trust, network segmentation, mTLS, ZTNA) in hybrid or remote-friendly environments.
- Proficiency in at least one modern scripting or programming language (e.g., Python, Go) used to build automations, integrations, or internal tooling.
- Experience securing and integrating business-critical SaaS (e.g., Google Workspace, Microsoft 365, Slack, Atlassian, HRIS, ticketing) including SCIM provisioning, access reviews, and audit log ingestion.
- Familiarity with MDM and endpoint security tooling (e.g., Jamf, Intune, EDR platforms) and how they tie into identity and access decisions.
- Familiarity with enterprise security standards and frameworks (e.g., SOC 2, ISO 27001, NIST 800-53) and mapping enterprise controls to these requirements.
- Experience with SaaS security posture management (SSPM), CASB, DLP, or insider risk tooling focused on collaboration platforms and data access.
- Experience building or contributing to internal security tooling (e.g., access review automation, JML workflows, policy-as-code).
- Participation in security communities, standards groups, or open-source contributions in IAM, zero trust, or enterprise security.
Skills
Preferred Skills:
- Working in high-growth or hyperscale environments where security must keep pace with rapid headcount and tooling expansion.
- Hands-on experience with zero trust network access or secure access products (e.g., ZTNA, secure web gateways, or identity-aware proxies).
- Familiarity with enterprise security standards and frameworks (e.g., SOC 2, ISO 27001, NIST 800-53) and mapping enterprise controls to these requirements.
- Experience with SaaS security posture management (SSPM), CASB, DLP, or insider risk tooling focused on collaboration platforms and data access.
- Experience building or contributing to internal security tooling (e.g., access review automation, JML workflows, policy-as-code).
- Participation in security communities, standards groups, or open-source contributions in IAM, zero trust, or enterprise security.
Benefits
CoreWeave offers a comprehensive benefits program including medical, dental, and vision insurance, company-paid life insurance, short and long-term disability insurance, a flexible spending account, a health savings account, tuition reimbursement, ability to participate in employee stock purchase programs, mental wellness benefits, paid parental leave, flexible PTO, catered lunch, and more. Additionally, CoreWeave supports an entrepreneurial outlook and independent thinking, fostering an environment that encourages collaboration and innovation.