Senior Security Engineer, Threat Intelligence

About The Position

Requirements

• 8–10 years of experience in cyber threat intelligence, threat hunting, detection engineering, security research, or adjacent disciplines.
• Deep understanding of adversary behavior and tradecraft, including exploitation techniques, lateral movement, persistence mechanisms, and infrastructure usage.
• Demonstrated experience moving from intelligence → hypothesis → hunt → detection → feedback.
• Hands-on experience developing detections or hunts using SIEM, EDR, cloud security, identity, or network telemetry.
• Strong analytical skills with the ability to synthesize complex technical findings into clear, actionable intelligence.
• Proven ability to work independently, exercise strong judgment, and operate effectively in ambiguous, rapidly evolving threat environments.
• Excellent written and verbal communication skills, including the ability to brief senior technical and security leadership.

Nice To Haves

• Experience building or operating honeypots, canary systems, sinkholes, deception platforms, or custom telemetry pipelines.
• Background in threat hunting, red teaming, malware analysis, exploit development, or security research.
• Experience securing cloud-native, large-scale, or hyperscale infrastructure.
• Proficiency with scripting and data analysis (Python, SQL, APIs).
• Familiarity with MITRE ATT&CK, intrusion lifecycle modeling, and intelligence frameworks.
• Experience integrating threat intelligence platforms (TIPs) or building custom intelligence enrichment and correlation pipelines

Responsibilities

• Research, track, and actively investigate cyber threat actors, campaigns, tooling, infrastructure, and TTPs relevant to CoreWeave’s threat landscape.
• Design and operate advanced intelligence collection mechanisms, including controlled exposure systems (e.g., honeypots, canaries, decoys, or instrumentation) to observe adversary behavior in the wild.
• Identify, evaluate, and manage intelligence sources across OSINT, commercial feeds, community sharing, and internally generated telemetry, with a focus on signal quality and adversary relevance.
• Translate threat intelligence into durable detection logic, analytics, and intelligence-driven threat hunting hypotheses across endpoint, network, identity, and cloud telemetry.
• Lead and execute proactive threat hunts informed by intelligence gaps, emerging adversary tradecraft, and novel attack patterns.
• Analyze security incidents, suspicious activity, and hunt results to uncover campaign-level patterns, attacker objectives, and systemic defensive weaknesses.
• Develop original intelligence products, including adversary profiles, campaign analyses, intrusion narratives, and forward-looking threat assessments.
• Automate enrichment, correlation, and analysis workflows to embed threat intelligence directly into detection, response, and engineering pipelines.
• Partner closely with detection engineering, incident response, cloud security, and platform teams to close the loop between intelligence, hunting, and prevention.
• Establish and own technical standards, architectural patterns, and best practices for intelligence-led detection, hunting, and adversary analysis.
• Contribute to the evolution of CoreWeave’s threat intelligence strategy by identifying opportunities to push beyond traditional CTI models.

Benefits

• Medical, dental, and vision insurance - 100% paid for by CoreWeave
• Company-paid Life Insurance
• Voluntary supplemental life insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Health Savings Account
• Tuition Reimbursement
• Ability to Participate in Employee Stock Purchase Program (ESPP)
• Mental Wellness Benefits through Spring Health
• Family-Forming support provided by Carrot
• Paid Parental Leave
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our office and data center locations
• A casual work environment
• A work culture focused on innovative disruption