Senior Security Engineer I, Vulnerability Management

CoreWeave is The Essential Cloud for AI™. Built for pioneers by pioneers, CoreWeave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, CoreWeave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, CoreWeave became a publicly traded company (Nasdaq: CRWV) in March 2025. Learn more at www.coreweave.com . What You’ll Do: We are seeking a Security Engineer to join CoreWeave's Vulnerability Management team. This is an execution-focused role: you will perform hands-on triage, drive remediation follow-through, and improve day-to-day operational quality across cloud and specialized infrastructure environments. You will work closely with other security engineers to support high-priority vulnerability response, improve automation quality, and build strong security judgment. This role is ideal for engineers who want meaningful ownership, fast learning, and a clear growth path toward senior scope. About the role: Perform hands-on vulnerability triage and risk assessment using team-defined standards and playbooks Track remediation progress with owner teams, escalate blockers, and ensure clean issue closure Support automated triage workflows by validating outputs and improving signal quality Contribute to automated remediation campaigns (for example EOL cleanup, vulnerable software upgrades, and fix verification) Support zero-day and embargo response by helping inventory affected assets and tracking owner-team deployment status Participate in incident investigations by gathering technical evidence and supporting impact analysis Participate in on-call rotation for critical vulnerability events Maintain high-quality documentation, runbooks, and operational updates Identify process gaps and contribute practical workflow improvements that reduce manual toil Who You Are: 3+ years of relevant experience in vulnerability management, security operations, application security, or related security engineering Strong understanding of vulnerability assessment fundamentals (CVSS, exploitability, risk prioritization, remediation tradeoffs) Hands-on experience with one or more vulnerability management platforms (for example Wiz, Rapid7, Qualys, Tenable, or equivalent) Proficiency in scripting/automation for workflow support (Python, Bash, or similar) Familiarity with cloud security concepts (AWS, GCP, Azure) and common infrastructure vulnerabilities Strong written and verbal communication skills for cross-functional collaboration Demonstrated execution ownership in operational security work Preferred: Exposure to security automation/SOAR platforms (for example Tines, Splunk SOAR, or equivalent) Experience with container/Kubernetes vulnerability workflows Familiarity with hardware-adjacent vulnerability domains (GPU/DPU firmware, BMC/IPMI) Experience supporting compliance evidence collection (SOC 2, ISO 27001, FedRAMP, or similar) Experience in high-growth or fast-moving infrastructure environments Exposure to AI-assisted security workflows and human-in-the-loop validation Wondering if you’re a good fit? We believe in investing in our people and value candidates who can bring their diverse experiences to our teams – even if you aren't a 100% skill or experience match. Here are a few qualities we’ve found compatible with our team. If some of this describes you, we’d love to talk. You love to: Solve practical problems and improve operational reliability Use automation to reduce repetitive manual work Partner across teams to drive concrete security outcomes You're curious about: How AI and automation can improve vulnerability operations Security challenges in cloud-scale and specialized infrastructure Building strong security judgment through real production problems You're developing expertise ... (truncated, view full listing at source)