Staff Security Engineer, Vulnerability Management

Confirmed live in the last 24 hours

CoreWeave

Compensation

$188,000 - $275,000/year

Livingston, NJ / New York, NY / Sunnyvale, CA / Bellevue, WA

Hybrid

Posted March 25, 2026

Job Description

CoreWeave is The Essential Cloud for AI™. Built for pioneers by pioneers, CoreWeave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, CoreWeave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, CoreWeave became a publicly traded company (Nasdaq: CRWV) in March 2025. Learn more at www.coreweave.com.

What You’ll Do:

We are seeking a Staff Security Engineer to lead the most complex technical work in CoreWeave’s Vulnerability Management program. You will design and implement scalable triage, prioritization, and remediation-tracking systems across application, infrastructure, and hardware domains. You will set technical standards, drive high-impact initiatives, and mentor engineers through technical leadership, while partnering with leadership on priorities and execution risks.

About the role:

Lead high-complexity VM technical initiatives and deliver architecture decisions for assigned program areas
Design and build scalable triage automation, including integrations, decision logic, and production hardening
Implement end-to-end workflow components from assessment and detection to ticket routing and remediation tracking
Provide deep technical leadership on hardware-adjacent vulnerabilities (GPU firmware, DPU firmware/BlueField, and BMC surfaces)
Act as senior technical responder for embargoed disclosures and zero-day events, coordinating with owner teams that deploy fixes
Improve prioritization logic, severity models, and exception workflows through code, design reviews, and technical proposals
Produce actionable technical metrics and risk insights for leadership consumption
Lead root-cause analysis for high-impact vulnerability incidents and implement durable technical improvements
Mentor IC3/IC4/IC5 engineers through design guidance, code review, and incident coaching
Partner with security, engineering, and operational stakeholders to improve workflow reliability and accelerate remediation outcomes

Who You Are:

9+ years of relevant experience with demonstrated strategic impact in vulnerability management, application security, platform security, or cloud security engineering
Proven track record building and scaling security automation (SOAR workflows, AI/ML systems, detection pipelines) in production environments
Deep subject matter expertise with vulnerability management best practices: CVSS, EPSS, CISA KEV, threat intelligence integration, and risk-based prioritization frameworks
Excellent development background with strong coding skills in Python, Go, or similar languages for building scalable, production-grade security systems
Significant experience with modern vulnerability management tooling (for example Wiz, Semgrep, Rapid7, Tenable, or equivalent)
Experience with specialized infrastructure: GPU/DPU environments, firmware security, hardware vulnerabilities, or high-performance computing
Demonstrated track record mentoring engineers across levels and driving cross-functional technical initiatives at organizational scale
Strong business acumen and understanding of how security decisions impact engineering velocity, customer trust, and business outcomes

Preferred:

Practical experience building AI/ML-powered security systems (LLM integration, automated decision-making, human-in-the-loop validation) in production
Experience managing hardware vendor security partnerships (embargoed disclosures and pre-release collaboration)
Production experience with security automation plat

pythongorustawsgcpazurekubernetesaidevopsdata