Staff Security Engineer, Vulnerability Management

CoreWeave is The Essential Cloud for AI™. Built for pioneers by pioneers, CoreWeave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, CoreWeave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, CoreWeave became a publicly traded company (Nasdaq: CRWV) in March 2025. Learn more at www.coreweave.com . What You’ll Do: We are seeking a Staff Security Engineer to lead the most complex technical work in CoreWeave’s Vulnerability Management program. You will design and implement scalable triage, prioritization, and remediation-tracking systems across application, infrastructure, and hardware domains. You will set technical standards, drive high-impact initiatives, and mentor engineers through technical leadership, while partnering with leadership on priorities and execution risks. About the role: Lead high-complexity VM technical initiatives and deliver architecture decisions for assigned program areas Design and build scalable triage automation, including integrations, decision logic, and production hardening Implement end-to-end workflow components from assessment and detection to ticket routing and remediation tracking Provide deep technical leadership on hardware-adjacent vulnerabilities (GPU firmware, DPU firmware/BlueField, and BMC surfaces) Act as senior technical responder for embargoed disclosures and zero-day events, coordinating with owner teams that deploy fixes Improve prioritization logic, severity models, and exception workflows through code, design reviews, and technical proposals Produce actionable technical metrics and risk insights for leadership consumption Lead root-cause analysis for high-impact vulnerability incidents and implement durable technical improvements Mentor IC3/IC4/IC5 engineers through design guidance, code review, and incident coaching Partner with security, engineering, and operational stakeholders to improve workflow reliability and accelerate remediation outcomes Who You Are: 9+ years of relevant experience with demonstrated strategic impact in vulnerability management, application security, platform security, or cloud security engineering Proven track record building and scaling security automation (SOAR workflows, AI/ML systems, detection pipelines) in production environments Deep subject matter expertise with vulnerability management best practices: CVSS, EPSS, CISA KEV, threat intelligence integration, and risk-based prioritization frameworks Excellent development background with strong coding skills in Python, Go, or similar languages for building scalable, production-grade security systems Significant experience with modern vulnerability management tooling (for example Wiz, Semgrep, Rapid7, Tenable, or equivalent) Experience with specialized infrastructure: GPU/DPU environments, firmware security, hardware vulnerabilities, or high-performance computing Demonstrated track record mentoring engineers across levels and driving cross-functional technical initiatives at organizational scale Strong business acumen and understanding of how security decisions impact engineering velocity, customer trust, and business outcomes Preferred: Practical experience building AI/ML-powered security systems (LLM integration, automated decision-making, human-in-the-loop validation) in production Experience managing hardware vendor security partnerships (embargoed disclosures and pre-release collaboration) Production experience with security automation platforms such as TINES and serverless frameworks (AWS Lambda, GCP Cloud Functions) Strong DevOps, DevSecOps, or SRE background with deep experience in AWS/GCP/Azure cloud services and Infrastructure as Code (Terraform, CloudFormation) Deep understanding of Kubernetes security (container scanning, admission ... (truncated, view full listing at source)