Staff Security Engineer, Vulnerability Management

About the role

Lead high-complexity VM technical initiatives and deliver architecture decisions for assigned program areas Design and build scalable triage automation, including integrations, decision logic, and production hardening Implement end-to-end workflow components from assessment and detection to ticket routing and remediation tracking Provide deep technical leadership on hardware-adjacent vulnerabilities (GPU firmware, DPU firmware/BlueField, and BMC surfaces) Act as senior technical responder for embargoed disclosures and zero-day events, coordinating with owner teams that deploy fixes Improve prioritization logic, severity models, and exception workflows through code, design reviews, and technical proposals Produce actionable technical metrics and risk insights for leadership consumption Lead root-cause analysis for high-impact vulnerability incidents and implement durable technical improvements Mentor IC3/IC4/IC5 engineers through design guidance, code review, and incident coaching Partner with security, engineering, and operational stakeholders to improve workflow reliability and accelerate remediation outcomes

Requirements

• 9+ years of relevant experience with demonstrated strategic impact in vulnerability management, application security, platform security, or cloud security engineering
• Proven track record building and scaling security automation (SOAR workflows, AI/ML systems, detection pipelines) in production environments
• Deep subject matter expertise with vulnerability management best practices: CVSS, EPSS, CISA KEV, threat intelligence integration, and risk-based prioritization frameworks
• Excellent development background with strong coding skills in Python, Go, or similar languages for building scalable, production-grade security systems
• Significant experience with modern vulnerability management tooling (for example Wiz, Semgrep, Rapid7, Tenable, or equivalent)
• Experience with specialized infrastructure: GPU/DPU environments, firmware security, hardware vulnerabilities, or high-performance computing
• Demonstrated track record mentoring engineers across levels and driving cross-functional technical initiatives at organizational scale
• Strong business acumen and understanding of how security decisions impact engineering velocity, customer trust, and business outcomes
• Preferred:
• Practical experience building AI/ML-powered security systems (LLM integration, automated decision-making, human-in-the-loop validation) in production
• Experience managing hardware vendor security partnerships (embargoed disclosures and pre-release collaboration)
• Production experience with security automation platforms such as TINES and serverless frameworks (AWS Lambda, GCP Cloud Functions)
• Strong DevOps, DevSecOps, or SRE background with deep experience in AWS/GCP/Azure cloud services and Infrastructure as Code (Terraform, CloudFormation)
• Deep understanding of Kubernetes security (container scanning, admission controllers, supply chain security, runtime protection)
• Experience leading security programs through rapid hypergrowth (10x+ infrastructure scaling) in startup or cloud-native environments
• Practical experience managing vulnerabilities within a FedRAMP-certified environment or similar regulatory frameworks
• Why CoreWeave?
• Be Curious at Your Core
• Act Like an Owner
• Empower Employees
• Deliver Best-in-Class Client Experiences
• Achieve More Together
• We support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that encourages collaboration and enables the development of innovative solutions to complex problems. As we get set

Additional Information

CoreWeave is The Essential Cloud for AI™. Built for pioneers by pioneers, CoreWeave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, CoreWeave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, CoreWeave became a publicly traded company (Nasdaq: CRWV) in March 2025. Learn more at www.coreweave.com .

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at CoreWeave? Share your experience