Senior Security Engineer I, Vulnerability Management

What You’ll Do:

We are seeking a Security Engineer to join CoreWeave's Vulnerability Management team. This is an execution-focused role: you will perform hands-on triage, drive remediation follow-through, and improve day-to-day operational quality across cloud and specialized infrastructure environments.

You will work closely with other security engineers to support high-priority vulnerability response, improve automation quality, and build strong security judgment. This role is ideal for engineers who want meaningful ownership, fast learning, and a clear growth path toward senior scope.

About the role:

• Perform hands-on vulnerability triage and risk assessment using team-defined standards and playbooks
• Track remediation progress with owner teams, escalate blockers, and ensure clean issue closure
• Support automated triage workflows by validating outputs and improving signal quality
• Contribute to automated remediation campaigns (for example EOL cleanup, vulnerable software upgrades, and fix verification)
• Support zero-day and embargo response by helping inventory affected assets and tracking owner-team deployment status
• Participate in incident investigations by gathering technical evidence and supporting impact analysis
• Participate in on-call rotation for critical vulnerability events
• Maintain high-quality documentation, runbooks, and operational updates
• Identify process gaps and contribute practical workflow improvements that reduce manual toil

Who You Are: 

• 3+ years of relevant experience in vulnerability management, security operations, application security, or related security engineering
• Strong understanding of vulnerability assessment fundamentals (CVSS, exploitability, risk prioritization, remediation tradeoffs)
• Hands-on experience with one or more vulnerability management platforms (for example Wiz, Rapid7, Qualys, Tenable, or equivalent)
• Proficiency in scripting/automation for workflow support (Python, Bash, or similar)
• Familiarity with cloud security concepts (AWS, GCP, Azure) and common infrastructure vulnerabilities
• Strong written and verbal communication skills for cross-functional collaboration
• Demonstrated execution ownership in operational security work

Preferred:

• Exposure to security automation/SOAR platforms (for example Tines, Splunk SOAR, or equivalent)
• Experience with container/Kubernetes vulnerability workflows
• Familiarity with hardware-adjacent vulnerability domains (GPU/DPU firmware, BMC/IPMI)
• Experience supporting compliance evidence collection (SOC 2, ISO 27001, FedRAMP, or similar)
• Experience in high-growth or fast-moving infrastructure environments
• Exposure to AI-assisted security workflows and human-in-the-loop validation

Wondering if you’re a good fit? We believe in investing in our people and value candidates who can bring their diverse experiences to our teams – even if you aren't a 100% skill or experience match. Here are a few qualities we’ve found compatible with our team. If some of this describes