Offensive Security Engineer

What You’ll Do:

CoreWeave’s Information Security team ensures that both internal and external systems are secure, resilient, and compliant. Our team partners with engineering and product teams to identify vulnerabilities, harden systems, and maintain a high standard of security across all infrastructure and applications that deliver high-performance compute to our customers.

About the role:

As an Offensive Security Engineer at CoreWeave, you will lead efforts to identify and mitigate security risks across internal and external systems. You’ll perform penetration testing, conduct threat modeling, and provide guidance to engineering teams on secure design and best practices. This role also involves developing security tooling, researching emerging threats, and contributing to the continuous improvement of CoreWeave’s overall security posture.

Some of what you’ll work on:

• Perform penetration testing as well as purple and red team exercises.
• Conduct threat modeling, code reviews, and design reviews for development teams.
• Research new attack techniques and develop strategies to counter them.
• Develop and enforce security best practices and standards, maintaining internal compliance.
• Provide solutions to complex security issues, manage multiple tasks, and prioritize effectively in a fast-paced environment.
• Present technical security information to both technical and non-technical audiences.
• Maintain technical documentation, reports, and security tooling with attention to detail.
• Participate in other security-related initiatives as assigned.

Who You Are:

• 5+ years of experience in offensive information security roles.
• Proficiency in at least one programming or scripting language (e.g., Go, Python, C/C++) for automation, code reviews, and tooling.
• Hands-on penetration testing experience and familiarity with offensive security tools.