Staff Security Engineer, Vulnerability Management

CoreWeave | Sunnyvale, CA
4h | $188,000 - $275,000 | Hybrid

About The Position

We are seeking a Staff Security Engineer to provide deep technical expertise and architecture for CoreWeave's Vulnerability Management program. As IC5, you are the technical owner for end-to-end VM strategy, architecture, and operating model across application, infrastructure, and hardware surfaces. You will define how the program scales, set quality bars for automation and risk decisions, and lead cross-functional execution with partner security and engineering teams. This is an individual contributor role with no direct people-management responsibilities. If you want to stay deeply technical while having strategic impact, this is the role.

Requirements

  • 9+ years of relevant experience with demonstrated strategic impact in vulnerability management, application security, platform security, or cloud security engineering
  • Proven track record building and scaling security automation (SOAR workflows, AI/ML systems, detection pipelines) in production environments
  • Deep subject matter expertise with vulnerability management best practices: CVSS, EPSS, CISA KEV, threat intelligence integration, and risk-based prioritization frameworks
  • Excellent development background with strong coding skills in Python, Go, or similar languages for building scalable, production-grade security systems
  • Significant experience with modern vulnerability management tooling (for example Wiz, Semgrep, Rapid7, Tenable, or equivalent)
  • Experience with specialized infrastructure: GPU/DPU environments, firmware security, hardware vulnerabilities, or high-performance computing
  • Demonstrated track record mentoring engineers across levels and driving cross-functional technical initiatives at organizational scale
  • Strong business acumen and understanding of how security decisions impact engineering velocity, customer trust, and business outcomes

Nice To Haves

  • Practical experience building AI/ML-powered security systems (LLM integration, automated decision-making, human-in-the-loop validation) in production
  • Experience managing hardware vendor security partnerships (embargoed disclosures and pre-release collaboration)
  • Production experience with security automation platforms such as TINES and serverless frameworks (AWS Lambda, GCP Cloud Functions)
  • Strong DevOps, DevSecOps, or SRE background with deep experience in AWS/GCP/Azure cloud services and Infrastructure as Code (Terraform, CloudFormation)
  • Deep understanding of Kubernetes security (container scanning, admission controllers, supply chain security, runtime protection)
  • Experience leading security programs through rapid hypergrowth (10x+ infrastructure scaling) in startup or cloud-native environments
  • Practical experience managing vulnerabilities within a FedRAMP-certified environment or similar regulatory frameworks

Responsibilities

  • Define the multi-quarter VM technical strategy and roadmap, including operating model, prioritization framework, and technical standards
  • Architect and scale AI-powered triage automation: evaluate vendor solutions vs. in-house development, design integration architecture, and oversee production rollout
  • Own end-to-end automation architecture from assessment through detection creation to remediation orchestration and ticketing
  • Own specialized hardware vulnerability strategy for GPU firmware, DPU firmware (BlueField), and BMC attack surfaces
  • Serve as primary technical point of contact for embargoed vendor disclosures and zero-day response, driving emergency patch plans with owner teams that execute deployment
  • Establish severity, remediation, and exception-handling standards; ensure IC3/IC4 execution aligns with risk and business priorities
  • Define executive-facing VM metrics, risk posture reporting, and decision cadences with Security and Engineering leadership
  • Lead deep technical analysis during high-profile vulnerability incidents and drive post-incident technical improvements
  • Mentor IC3/IC4/IC5 engineers and raise the technical bar for automation design, code quality, and security judgment
  • Partner with security, engineering, and operational stakeholders to drive unified workflows and unblock cross-functional delivery

Benefits

  • Medical, dental, and vision insurance - 100% paid for by CoreWeave
  • Company-paid Life Insurance
  • Voluntary supplemental life insurance
  • Short and long-term disability insurance
  • Flexible Spending Account
  • Health Savings Account
  • Tuition Reimbursement
  • Ability to Participate in Employee Stock Purchase Program (ESPP)
  • Mental Wellness Benefits through Spring Health
  • Family-Forming support provided by Carrot
  • Paid Parental Leave
  • Flexible, full-service childcare support with Kinside
  • 401(k) with a generous employer match
  • Flexible PTO
  • Catered lunch each day in our office and data center locations
  • A casual work environment
  • A work culture focused on innovative disruption