Jobs · Information Technology · New York

Senior Security Engineer, Enterprise Security

CoreWeave · New York, NY · 3 wk ago
Information Technology$165k–$242k/yrFull-time

About the role

The Enterprise Security team at CoreWeave is responsible for securing how our people work every day—identity, endpoints, networks, and SaaS—so the company can move fast without compromising safety. This team owns the controls, guardrails, and automation that keep our workforce, contractors, and critical business applications protected in a modern, cloud-native environment.

Responsibilities

  • Design and ship the security controls that underpin CoreWeave’s workforce and enterprise stack.
  • Lead initiatives across identity, access management, device and endpoint security, and SaaS security—partnering closely with IT Engineering, Endpoint, Network, and other security teams.
  • Blend hands-on engineering (writing code, building integrations, tuning controls) with architecture and program ownership (setting standards, defining patterns, and driving adoption across teams).
  • Turn high-level objectives—like “implement zero trust for workforce access” or “deploy phishing-resistant MFA at scale”—into concrete designs, automation, and measurable risk reduction.
  • Engineer modern identity and access controls.
  • Develop and roll out phishing-resistant MFA for high-value accounts and critical access paths (e.g., FIDO2/WebAuthn, hardware keys, device-bound authenticators).
  • Define and maintain RBAC/IAM patterns for enterprise applications (role models, groups, entitlements, JIT access, and approvals).
  • Implement zero trust for workforce and enterprise access.
  • Evaluate, onboard, and harden SaaS applications (Google Workspace, Microsoft 365, Slack, HRIS, ticketing, and other business apps) to align with enterprise security policies.
  • Harden endpoints and the extended workforce.
  • Support investigations and incident response related to identity, endpoint, and SaaS domains.
  • Automate and instrument everything you can.
  • Partner on detection, response, and governance.

Requirements

  • 5+ years of experience in enterprise security, identity and access management, or closely related security engineering roles.
  • Strong, practical understanding of modern IAM concepts: SSO, federation, RBAC/ABAC, JIT access, least privilege, and separation of duties.
  • Hands-on experience implementing and operating SSO and workforce identity with platforms such as Okta, Entra ID, or equivalent IdPs.
  • Deep familiarity with SAML, OAuth 2.0/OIDC, and SCIM, including real-world experience integrating these protocols with third-party SaaS and internal apps.
  • Demonstrated experience designing and rolling out MFA, ideally including phishing-resistant approaches (FIDO2/WebAuthn, hardware security keys, device-bound authenticators, step-up authentication).
  • Experience designing and deploying zero trust or context-aware access controls (e.g., device trust, network segmentation, mTLS, ZTNA) in hybrid or remote-friendly environments.
  • Proficiency in at least one modern scripting or programming language (e.g., Python, Go) used to build automations, integrations, or internal tooling.
  • Experience securing and integrating business-critical SaaS (e.g., Google Workspace, Microsoft 365, Slack, Atlassian, HRIS, ticketing) including SCIM provisioning, access reviews, and audit log ingestion.
  • Familiarity with MDM and endpoint security tooling (e.g., Jamf, Intune, EDR platforms) and how they tie into identity and access decisions.
  • Familiarity with enterprise security standards and frameworks (e.g., SOC 2, ISO 27001, NIST 800-53) and mapping enterprise controls to these requirements.
  • Experience with SaaS security posture management (SSPM), CASB, DLP, or insider risk tooling focused on collaboration platforms and data access.
  • Experience building or contributing to internal security tooling (e.g., access review automation, JML workflows, policy-as-code).
  • Participation in security communities, standards groups, or open-source contributions in IAM, zero trust, or enterprise security.

Qualifications

Minimum Qualifications:

  • 5+ years of experience in enterprise security, identity and access management, or closely related security engineering roles.
  • Strong, practical understanding of modern IAM concepts: SSO, federation, RBAC/ABAC, JIT access, least privilege, and separation of duties.
  • Hands-on experience implementing and operating SSO and workforce identity with platforms such as Okta, Entra ID, or equivalent IdPs.
  • Deep familiarity with SAML, OAuth 2.0/OIDC, and SCIM, including real-world experience integrating these protocols with third-party SaaS and internal apps.
  • Demonstrated experience designing and rolling out MFA, ideally including phishing-resistant approaches (FIDO2/WebAuthn, hardware security keys, device-bound authenticators, step-up authentication).
  • Experience designing and deploying zero trust or context-aware access controls (e.g., device trust, network segmentation, mTLS, ZTNA) in hybrid or remote-friendly environments.
  • Proficiency in at least one modern scripting or programming language (e.g., Python, Go) used to build automations, integrations, or internal tooling.
  • Experience securing and integrating business-critical SaaS (e.g., Google Workspace, Microsoft 365, Slack, Atlassian, HRIS, ticketing) including SCIM provisioning, access reviews, and audit log ingestion.
  • Familiarity with MDM and endpoint security tooling (e.g., Jamf, Intune, EDR platforms) and how they tie into identity and access decisions.
  • Familiarity with enterprise security standards and frameworks (e.g., SOC 2, ISO 27001, NIST 800-53) and mapping enterprise controls to these requirements.
  • Experience with SaaS security posture management (SSPM), CASB, DLP, or insider risk tooling focused on collaboration platforms and data access.
  • Experience building or contributing to internal security tooling (e.g., access review automation, JML workflows, policy-as-code).
  • Participation in security communities, standards groups, or open-source contributions in IAM, zero trust, or enterprise security.

Skills

  • Strong understanding of modern IAM concepts: SSO, federation, RBAC/ABAC, JIT access, least privilege, and separation of duties.
  • Hands-on experience implementing and operating SSO and workforce identity with platforms such as Okta, Entra ID, or equivalent IdPs.
  • Deep familiarity with SAML, OAuth 2.0/OIDC, and SCIM, including real-world experience integrating these protocols with third-party SaaS and internal apps.
  • Demonstrated experience designing and rolling out MFA, ideally including phishing-resistant approaches (FIDO2/WebAuthn, hardware security keys, device-bound authenticators, step-up authentication).
  • Experience designing and deploying zero trust or context-aware access controls (e.g., device trust, network segmentation, mTLS, ZTNA) in hybrid or remote-friendly environments.
  • Proficiency in at least one modern scripting or programming language (e.g., Python, Go) used to build automations, integrations, or internal tooling.
  • Experience securing and integrating business-critical SaaS (e.g., Google Workspace, Microsoft 365, Slack, Atlassian, HRIS, ticketing) including SCIM provisioning, access reviews, and audit log ingestion.
  • Familiarity with MDM and endpoint security tooling (e.g., Jamf, Intune, EDR platforms) and how they tie into identity and access decisions.
  • Familiarity with enterprise security standards and frameworks (e.g., SOC 2, ISO 27001, NIST 800-53) and mapping enterprise controls to these requirements.
  • Experience with SaaS security posture management (SSPM), CASB, DLP, or insider risk tooling focused on collaboration platforms and data access.
  • Experience building or contributing to internal security tooling (e.g., access review automation, JML workflows, policy-as-code).
  • Participation in security communities, standards groups, or open-source contributions in IAM, zero trust, or enterprise security.

Benefits

  • Medical, dental, and vision insurance - 100% paid for by CoreWeave.
  • Company-paid Life Insurance.
  • Voluntary supplemental life insurance.
  • Short and long-term disability insurance.
  • Flexible Spending Account (FSA).
  • Health Savings Account (HSA).
  • Tuition Reimbursement.
  • Ability to Participate in Employee Stock Purchase Program (ESPP).
  • Mental Wellness Benefits through Spring Health.
  • Family-Forming support provided by Carrot.
  • Paid Parental Leave.
  • Flexible, full-service childcare support with Kinside.
  • 401(k) with a generous employer match.
  • Catered lunch each day in our office and data center locations.
  • A casual work environment.
  • A work culture focused on innovative disruption.

Similar jobs