Staff Security Engineer, Firmware Security

Confirmed live in the last 24 hours

CoreWeave

Compensation

$188,000 - $275,000/year

New York, NY / Sunnyvale, CA / Bellevue, WA

Hybrid

Posted April 2, 2026

Job Description

CoreWeave is The Essential Cloud for AI™. Built for pioneers by pioneers, CoreWeave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, CoreWeave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, CoreWeave became a publicly traded company (Nasdaq: CRWV) in March 2025. Learn more at www.coreweave.com.

What You’ll Do:

CoreWeave’s Security Engineering team ensures the CoreWeave Cloud is secure by design—from data centers and GPU fleets to the platform layers that power AI workloads. Within this organization, the Firmware Security function safeguards the low-level software that runs on servers, GPUs, and networking gear, ensuring it is trustworthy, up to date, and resilient against compromise.

About the role:
As a Staff Firmware Security Engineer, you will lead firmware security across CoreWeave’s infrastructure. You’ll design strategies for secure boot, firmware signing, attestation, and fleet-wide governance across servers, GPUs, and critical devices. Working hands-on with engineering teams, hardware vendors, and data center operations, you will identify risks, deploy durable controls, and respond to emerging threats in the firmware and hardware ecosystem. Your work will directly impact the security and reliability of some of the world’s largest GPU fleets.

Some of what you’ll work on:

Define and implement the end-to-end firmware security architecture for servers, GPUs, and networking platforms, including root-of-trust, secure boot, and attestation flows.
Design and deploy secure boot and measured boot strategies across host, BMC, and accelerator firmware, leveraging TPMs and hardware roots of trust.
Build tooling and automation to inventory firmware, validate signatures, manage SBOMs, and enforce version baselines across large fleets.
Partner with platform, infrastructure, and data center engineering teams to safely roll out firmware updates, including canarying, rollback strategies, and blast-radius controls.
Conduct threat modeling, design reviews, and code reviews for firmware and low-level platform software, mitigating security risks early.
Lead investigations into firmware vulnerabilities and anomalous device behavior, coordinating incident response and remediation.
Collaborate with hardware and OEM partners to influence security roadmaps, validate features, and integrate vendor tooling.
Integrate firmware security signals into telemetry, detection, and SIEM pipelines for continuous monitoring.
Establish standards, best practices, and documentation, while mentoring engineers on secure-by-default infrastructure principles.