Senior Security Engineer II, Vulnerability Management
Company: CoreWeave
Location: Sunnyvale
Posted on: February 16, 2026
Job Description:
CoreWeave is The Essential Cloud for AI™. Built for pioneers by
pioneers, CoreWeave delivers a platform of technology, tools, and
teams that enables innovators to build and scale AI with confidence.
Trusted by leading AI labs, startups, and global enterprises,
CoreWeave combines superior infrastructure performance with deep
technical expertise to accelerate breakthroughs and turn compute
into capability. Founded in 2017, CoreWeave became a publicly traded
company (Nasdaq: CRWV) in March 2025. Learn more at
www.coreweave.com.

What You'll Do:
We are seeking a Senior Security Engineer to build the Vulnerability
Management program protecting CoreWeave's AI infrastructure. You
will architect intelligent automation systems that defend the GPU
clusters powering breakthrough AI research and enterprise AI
applications. You'll solve security problems at the intersection of
cloud-scale infrastructure and specialized hardware—from GPU
firmware vulnerabilities to AI-powered threat detection. This role
combines technical depth, strategic thinking, and the autonomy to
design workflows that will protect infrastructure driving the
future of AI.

About the role:
- Build and scale AI-powered triage
workflows: evaluate tools (LLM integration, TINES orchestration),
architect solutions, and deploy to production
- Drive intelligent, risk-based vulnerability prioritization while
simultaneously training AI models—your assessments become the
foundation for automation
- Influence automation priorities: recommend which areas of the
vulnerability pipeline would most benefit from automation to
improve team efficiency
- Design and implement automated detection-to-ticket pipelines:
build workflows that generate vulnerability detections, test them,
scale across the environment, and auto-create Jira tickets
- Execute remediation campaigns: build automated workflows for EOL
product removal, vulnerable software upgrades, and OS migrations at
scale
- Manage embargoed vendor disclosures from hardware partners,
including embargo verification and zero-day response coordination
- Lead security incident investigations related to high-profile
vulnerabilities, coordinating cross-functional response and impact
assessment
- Participate in on-call rotation for rapid-response vulnerability
analysis during active zero-day events or critical security
incidents
- Partner with IT, Infrastructure, and Engineering teams to drive
remediation efforts, enforce SLAs, and escalate blockers
strategically
- Write daily operations reports documenting vulnerability trends,
remediation velocity, and emerging threats for security leadership
- Drive process improvements and workflow automation to improve
operational efficiency and reduce manual toil

Who You Are:
- 7 years of relevant experience with demonstrated
impact in vulnerability management, application security, platform
security, or cloud security engineering
- Proven hands-on experience building security automation (SOAR
workflows, detection pipelines, or vulnerability prioritization
frameworks)
- Deep subject matter expertise with vulnerability management best
practices: CVSS, EPSS, CISA KEV, exploit intelligence, and
compensating controls
- Strong development background with proficiency in Python, Go, or
similar languages for building production-grade security tools
- Experience with modern vulnerability management tooling such as
Wiz, Semgrep, Rapid7, or similar platforms
- Demonstrated ability to partner with cross-functional teams (IT,
SRE, Engineering) to drive remediation without formal authority
- Strong familiarity with common security vulnerabilities and the
ability to judge their severity and business impact

Preferred:
- Practical experience building
AI/ML-powered security workflows (LLM integration, automated
triage, human-in-the-loop validation)
- Experience managing hardware security vulnerabilities (GPU/DPU
firmware, BMC/IPMI, specialized compute environments)
- Production experience with security automation platforms such as
TINES, Splunk SOAR, or serverless frameworks (AWS Lambda)
- Strong DevOps, DevSecOps, or SRE background with experience in
AWS/GCP/Azure cloud services and Infrastructure as Code (Terraform,
CloudFormation)
- Deep understanding of container security and Kubernetes (image
scanning, admission control, runtime protection, supply chain
security)
- Experience supporting customer audits (SOC 2, ISO 27001, FedRAMP)
with vulnerability evidence and control validation
- Experience integrating vulnerability management into modern CI/CD
pipelines with a "shift-left" mentality

Wondering
if you're a good fit? We believe in investing in our people and
value candidates who can bring their diverse experiences to our
teams – even if you aren't a 100% skill or experience match. Here
are a few qualities we've found compatible with our team. If some
of this describes you, we'd love to talk.

You love to:
- Architect and build security systems with full ownership, not
just maintain existing tools
- Drive cross-functional initiatives and influence without formal
authority
- Mentor engineers and see your automation multiply team impact

You're curious about:
- How to apply AI/ML to vulnerability management at cloud scale
- The intersection of hardware security and cloud infrastructure
- What makes security automation that engineering teams actually
adopt

You're an expert in:
- Risk-based vulnerability prioritization and threat modeling
- Building production-grade security automation (SOAR, detection
pipelines)
- Balancing security rigor with business velocity

The base
salary range for this role is $165,000 to $242,000. The starting
salary will be determined based on job-related knowledge, skills,
experience, and market location. We strive for both market
alignment and internal equity when determining compensation. In
addition to base salary, our total rewards package includes a
discretionary bonus, equity awards, and a comprehensive benefits
program (all based on eligibility).

What We Offer
The range we've posted represents the typical compensation range
for this role. To determine actual compensation, we review the
market rate for each candidate which can include a variety of
factors. These include qualifications, experience, interview
performance, and location. In addition to a competitive salary, we
offer a variety of benefits to support your needs, including:
- Medical, dental, and vision insurance - 100% paid for by CoreWeave
- Company-paid Life Insurance
- Voluntary supplemental life insurance
- Short and long-term disability insurance
- Flexible Spending Account
- Health Savings Account
- Tuition Reimbursement
- Ability to Participate in Employee Stock Purchase Program (ESPP)
- Mental Wellness Benefits through Spring Health
- Family-Forming support provided by Carrot
- Paid Parental Leave
- Flexible, full-service childcare support with Kinside
- 401(k) with a generous employer match
- Flexible PTO
- Catered lunch each day in our office and data center locations
- A casual work environment
- A work culture focused on innovative disruption

Our Workplace
While we prioritize a hybrid work environment, remote
work may be considered for candidates located more than 30 miles
from an office, based on role requirements for specialized skill
sets. New hires will be invited to attend onboarding at one of our
hubs within their first month. Teams also gather quarterly to
support collaboration.

California Consumer Privacy Act - California applicants only

CoreWeave is an equal opportunity employer,
committed to fostering an inclusive and supportive workplace. All
qualified applicants and candidates will receive consideration for
employment without regard to race, color, religion, sex,
disability, age, sexual orientation, gender identity, national
origin, veteran status, or genetic information. As part of this
commitment and consistent with the Americans with Disabilities Act
(ADA), CoreWeave will ensure that qualified applicants and
candidates with disabilities are provided reasonable accommodations
for the hiring process, unless such accommodation would cause an
undue hardship. If reasonable accommodation is needed, please
contact: careers@coreweave.com.

Export Control Compliance
This position requires access to export controlled information. To
conform to U.S. Government export regulations applicable to that
information, applicant must either be (A) a U.S. person, defined as
a (i) U.S. citizen or national, (ii) U.S. lawful permanent resident
(green card holder), (iii) refugee under 8 U.S.C. § 1157, or (iv)
asylee under 8 U.S.C. § 1158, (B) eligible to access the export
controlled information without a required export authorization, or
(C) eligible and reasonably likely to obtain the required export
authorization from the applicable U.S. government agency. CoreWeave
may, for legitimate business reasons, decline to pursue any export
licensing process.