
Senior Security Engineer, PKI & Secrets

CoreWeave · Livingston, NJ
Full-time · On-site · 2w ago
API Design · Cryptography · Encryption · Kubernetes · Move · Python

About the role

As a Senior Security Engineer on the PKI & Secrets team, you will shape how CoreWeave manages cryptographic infrastructure across its global fleet. You'll design and operate PKI hierarchies, secrets management platforms, HSM infrastructure, and key management systems, working hands-on with engineering teams to integrate these capabilities into their services and workflows.

In this role, you will:

  • Contribute to the design, implementation, and operation of CoreWeave's PKI infrastructure, including CA hierarchies, issuance policies, certificate lifecycle management, and trust distribution across Kubernetes clusters and bare-metal hosts.
  • Manage and evolve secrets management platforms, including access policies, secret lifecycle governance, and integration patterns using External Secrets Operator and cert-manager.
  • Operate and scale HSM infrastructure, including PKCS#11 integration, key ceremony procedures, and high-availability designs backing our certificate authorities and signing services.
  • Contribute to the design of key management and data encryption solutions for internal and customer-facing use cases, including envelope encryption and KMS API design.
  • Deliver PKI-based solutions supporting workload identity, mutual TLS, and hardware attestation.
  • Maintain and extend code signing infrastructure for firmware images, UEFI binaries, container images, and application binaries.
  • Develop and enforce cryptographic best practices and policies, and contribute to post-quantum cryptography readiness.

Responsibilities

  • We partner with teams across the company to deliver cryptographic services that are secure, reliable, and easy to use at scale.

Requirements

  • 5+ years of experience in security engineering or infrastructure engineering.
  • Strong understanding of PKI concepts including CA hierarchies, certificate profiles, issuance policies, revocation, and trust distribution.
  • Hands-on experience operating HashiCorp Vault or similar secrets management platforms in production.
  • Experience with hardware security modules (HSMs), PKCS#11 interfaces, and key ceremony procedures.
  • Solid understanding of applied cryptography: symmetric and asymmetric algorithms, digital signatures, envelope encryption, and TLS.
  • Proficiency in Go, Python, or similar languages, with the ability to build production tooling and automation.
  • Experience with Kubernetes, including cert-manager, trust-manager, or External Secrets Operator.
  • Demonstrated ability to drive cross-functional initiatives across infrastructure, platform, and product teams.

Preferred

  • Experience operating PKI backed by HSMs in a cloud provider or hyperscaler environment.
  • Familiarity with code signing workflows (Authenticode, Cosign/Sigstore, transparency logs, timestamping).
  • Experience with KMS design, including customer-managed keys and multi-tenant key isolation.
  • Understanding of hardware attestation and workload identity (TPM, SPDM, SPIFFE/SPIRE).
  • Exposure to post-quantum cryptography standards and migration planning.

Wondering if you're a good fit?

We believe in investing in our people, and value candidates who can bring their own diversified experiences to our teams, even if you aren't a 100% skill or experience match. If some of this describes you, we'd love to talk.

  • You think deeply about how trust is established in complex distributed systems - and you enjoy making that infrastructure invisible to the teams that depend on it.
  • You're comfortable operating at multiple levels of abstraction, from HSM key ceremonies to Kubernetes operator design and developer experience.
  • You're a pragmatic builder who ships durable solutions in fast-moving environments.

Why CoreWeave?

  • Be Curious at Your Core

Benefits

Paid time off

Additional Information

CoreWeave is The Essential Cloud for AI™. Built for pioneers by pioneers, CoreWeave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, CoreWeave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, CoreWeave became a publicly traded company (Nasdaq: CRWV) in March 2025. Learn more at www.coreweave.com.

