Staff Security Engineer, Vulnerability Management
About the role
We are seeking a Staff Security Engineer to lead the most complex technical work in CoreWeave’s Vulnerability Management program. You will design and implement scalable triage, prioritization, and remediation-tracking systems across application, infrastructure, and hardware domains. You will set technical standards, drive high-impact initiatives, and mentor engineers through technical leadership, while partnering with leadership on priorities and execution risks.
Responsibilities
- Lead high-complexity VM technical initiatives and deliver architecture decisions for assigned program areas
- Design and build scalable triage automation, including integrations, decision logic, and production hardening
- Implement end-to-end workflow components from assessment and detection to ticket routing and remediation tracking
- Provide deep technical leadership on hardware-adjacent vulnerabilities (GPU firmware, DPU firmware/BlueField, and BMC surfaces)
- Act as senior technical responder for embargoed disclosures and zero-day events, coordinating with owner teams that deploy fixes
- Improve prioritization logic, severity models, and exception workflows through code, design reviews, and technical proposals
- Produce actionable technical metrics and risk insights for leadership consumption
- Lead root-cause analysis for high-impact vulnerability incidents and implement durable technical improvements
- Mentor IC3/IC4/IC5 engineers through design guidance, code review, and incident coaching
- Partner with security, engineering, and operational stakeholders to improve workflow reliability and accelerate remediation outcomes
Requirements
9+ years of relevant experience with demonstrated strategic impact in vulnerability management, application security, platform security, or cloud security engineering
Proven track record building and scaling security automation (SOAR workflows, AI/ML systems, detection pipelines) in production environments
Deep subject matter expertise with vulnerability management best practices: CVSS, EPSS, CISA KEV, threat intelligence integration, and risk-based prioritization frameworks
Excellent development background with strong coding skills in Python, Go, or similar languages for building scalable, production-grade security systems
Significant experience with modern vulnerability management tooling (for example Wiz, Semgrep, Rapid7, Tenable, or equivalent)
Experience with specialized infrastructure: GPU/DPU environments, firmware security, hardware vulnerabilities, or high-performance computing
Demonstrated track record mentoring engineers across levels and driving cross-functional technical initiatives at organizational scale
Strong business acumen and understanding of how security decisions impact engineering velocity, customer trust, and business outcomes
Preferred: Practical experience building AI/ML-powered security systems (LLM integration, automated decision-making, human-in-the-loop validation) in production
Experience managing hardware vendor security partnerships (embargoed disclosures and pre-release collaboration)
Production experience with security automation platforms such as TINES and serverless frameworks (AWS Lambda, GCP Cloud Functions)
Significant experience with Kubernetes security (container scanning, admission controllers, supply chain security, runtime protection)
Experience leading security programs through rapid hypergrowth (10x+ infrastructure scaling) in startup or cloud-native environments
Practical experience managing vulnerabilities within a FedRAMP-certified environment or similar regulatory frameworks
Qualifications
Required:
- Bachelor's degree in Computer Science, Information Systems, or related field
- CISSP, CEH, or equivalent certifications preferred
Preferred:
- Master's degree in Computer Science, Information Systems, or related field
- Experience with security operations centers (SOCs)
- Experience with cloud security (AWS, Azure, Google Cloud)
Skills
- Python, Go, or similar programming languages
- Experience with vulnerability management tools (Wiz, Semgrep, Rapid7, Tenable, etc.)
- Knowledge of Kubernetes security
- Experience with security automation platforms (TINES, serverless frameworks)
- Experience with hardware security (GPU firmware, DPU firmware, BMC surfaces)
- Experience with security partnerships and embargoed disclosures
- Experience with cloud security (AWS, Azure, Google Cloud)
Benefits
The base salary range for this role is $188,000 to $275,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).
What We Offer:
- Medical, dental, and vision insurance - 100% paid for by CoreWeave
- Company-paid Life Insurance
- Voluntary supplemental life insurance
- Short and long-term disability insurance
- Flexible Spending Account (FSA)
- Health Savings Account (HSA)
- Tuition Reimbursement
- Ability to Participate in Employee Stock Purchase Program (ESPP)
- Mental Wellness Benefits through Spring Health
- Family-Forming support provided by Carrot
- Paid Parental Leave
- Flexible, full-service childcare support with Kinside
- 401(k) with a generous employer match
- Catered lunch each day in our office and data center locations
- A casual work environment
- A work culture focused on innovative disruption
Why CoreWeave?
About At CoreWeave, we work hard, have fun, and move fast! We’re in an exciting stage of hyper-growth that you will not want to miss out on. We’re not afraid of a little chaos, and we’re constantly learning. Our team cares deeply about how we build our product and how we work together, which is represented through our core values: Be Curious at Your Core, Act Like an Owner, Empower Employees, Deliver Best-in-Class Client Experiences, Achieve More Together. We support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that encourages collaboration and enables the development of innovative solutions to complex problems. As we get set for takeoff, the organization's growth opportunities are constantly expanding. You will be surrounded by some of the best talent in the industry, who will want to learn from you, too. Come join us!