Staff Security Engineer, Firmware Security

About The Position

Requirements

• 8+ years of experience in security engineering, platform security, or systems/firmware engineering, including substantial work with server or device firmware.
• Deep understanding of firmware and platform security concepts, including secure/verified boot, measured boot, roots of trust, and attestation (e.g., TPM-based or vendor-specific solutions).
• Hands-on experience with server and BMC ecosystems (e.g., UEFI/BIOS, BMC/Redfish/IPMI, bootloaders) and how they interact with operating systems and hypervisors.
• Strong Linux systems background, including comfort working close to the hardware (kernel interfaces, device drivers, low-level debugging).
• Experience performing security reviews and/or reverse engineering of firmware or low-level code (e.g., UEFI, bootloaders, BMC firmware), using tools such as UEFITool, CHIPSEC, or similar.
• Proficiency in at least one systems programming or scripting language (e.g., C, C++, Rust, Go, or Python) and the ability to build automation and validation tooling.
• Demonstrated ability to lead cross-functional initiatives, influencing engineers and stakeholders across infrastructure, hardware, and operations teams.
• Strong written and verbal communication skills, including the ability to explain complex technical topics to both deeply technical and non-technical audiences.

Nice To Haves

• Experience securing GPU, accelerator, or HPC platforms, including familiarity with NVIDIA and/or other accelerator firmware stacks.
• Background working in a cloud provider, hyperscaler, or large-scale data center environment, ideally with exposure to bare metal and containerized workloads.
• Familiarity with supply chain security practices for hardware and firmware, including SBOMs, signing workflows, provenance tracking, and vendor qualification.
• Experience designing and operating attestation pipelines (e.g., validating device state before admitting workloads or granting higher-trust roles).
• Contributions to open-source firmware or security projects, security research publications, or notable vulnerability discoveries (CVE credits, bug bounties, etc.).
• Bachelor’s or Master’s degree in Computer Science, Computer Engineering, Electrical Engineering, or equivalent practical experience.

Responsibilities

• Define the end-to-end firmware security architecture for CoreWeave’s server, GPU, and networking platforms, including root-of-trust, secure boot, and attestation flows.
• Design and implement secure boot and measured boot strategies across host, BMC, and accelerator firmware, leveraging TPM/TPM2 and hardware roots of trust.
• Build and maintain tooling and automation to inventory firmware, validate signatures and policies, manage firmware SBOMs, and enforce version baselines across large fleets.
• Partner with platform, infrastructure, and data center engineering teams to design safe rollout mechanisms for firmware updates, including canarying, rollback strategies, and blast-radius controls.
• Perform threat modeling, design reviews, and code reviews for firmware-related components and low-level platform software, identifying and mitigating security risks early in the lifecycle.
• Lead deep-dive investigations into firmware vulnerabilities and anomalous device behavior, coordinating incident response and remediation across cross-functional teams.
• Engage with hardware and OEM partners (e.g., server, GPU, and NIC vendors) to influence their security roadmaps, validate security features, and integrate vendor tooling into CoreWeave’s controls.
• Collaborate with Security Engineering peers to integrate firmware security signals into telemetry, detection, and SIEM pipelines for continuous monitoring.
• Establish standards, best practices, and documentation for firmware security, and mentor engineers across the organization in building secure-by-default infrastructure.

Benefits

• Medical, dental, and vision insurance - 100% paid for by CoreWeave
• Company-paid Life Insurance
• Voluntary supplemental life insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Health Savings Account
• Tuition Reimbursement
• Ability to Participate in Employee Stock Purchase Program (ESPP)
• Mental Wellness Benefits through Spring Health
• Family-Forming support provided by Carrot
• Paid Parental Leave
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our office and data center locations
• A casual work environment
• A work culture focused on innovative disruption