Staff Security Engineer, Vulnerability Management

What You’ll Do:

We are seeking a Staff Security Engineer to provide deep technical expertise and architecture for CoreWeave's Vulnerability Management program. As IC5, you are the technical owner for end-to-end VM strategy, architecture, and operating model across application, infrastructure, and hardware surfaces. You will define how the program scales, set quality bars for automation and risk decisions, and lead cross-functional execution with partner security and engineering teams. This is an individual contributor role with no direct people-management responsibilities. If you want to stay deeply technical while having strategic impact, this is the role.

About the role:

• Define the multi-quarter VM technical strategy and roadmap, including operating model, prioritization framework, and technical standards
• Architect and scale AI-powered triage automation: evaluate vendor solutions vs. in-house development, design integration architecture, and oversee production rollout
• Own end-to-end automation architecture from assessment through detection creation to remediation orchestration and ticketing
• Own specialized hardware vulnerability strategy for GPU firmware, DPU firmware (BlueField), and BMC attack surfaces
• Serve as primary technical point of contact for embargoed vendor disclosures and zero-day response, driving emergency patch plans with owner teams that execute deployment
• Establish severity, remediation, and exception-handling standards; ensure IC3/IC4 execution aligns with risk and business priorities
• Define executive-facing VM metrics, risk posture reporting, and decision cadences with Security and Engineering leadership
• Lead deep technical analysis during high-profile vulnerability incidents and drive post-incident technical improvements
• Mentor IC3/IC4/IC5 engineers and raise the technical bar for automation design, code quality, and security judgment
• Partner with security, engineering, and operational stakeholders to drive unified workflows and unblock cross-functional delivery

Who You Are: 

• 9+ years of relevant experience with demonstrated strategic impact in vulnerability management, application security, platform security, or cloud security engineering
• Proven track record building and scaling security automation (SOAR workflows, AI/ML systems, detection pipelines) in production environments
• Deep subject matter expertise with vulnerability management best practices: CVSS, EPSS, CISA KEV, threat intelligence integration, and risk-based prioritization frameworks
• Excellent development background with strong coding skills in Python, Go, or similar languages for building scalable, production-grade security systems
• Significant experience with modern vulnerability management tooling (for example Wiz, Semgrep, Rapid7, Tenable, or equivalent)
• Experience with specialized infrastructure: GPU/DPU environments, firmware security, hardware vulnerabilities, or high-performance computing
• Demonstrated track record mentoring engineers across levels and driving cross-functional technical initiatives at organizational scale
• Strong business acumen and understanding of how security decisions impact engineering velocity, customer trust, and business outcomes

Preferred:

• Practical experience building AI/ML-powered security systems (LLM integration, automated decision-making, human-in-the-loop validation) in production
• Experience managing hardware vendor security partnerships (embargoed disclosures and pre-release collaboration)
• Production experience with security automation platforms such as TINES and serverless frameworks (AWS Lambda, GCP Cloud Functions)
• Strong DevOps, DevSecOps, or SRE background with deep experience in AWS/GCP/Azure cloud services and Infrastructure as Code (Terraform, CloudFormation)
• Deep understanding of Kubernetes security (container scanning, admission controllers, supply chain security, runtime protection)
• Experience leading security programs through rapid hypergrowth (10x+ infrastructure scaling) in startup or cloud-native environments
• Practical experience managing vulnerabilities within a FedRAMP-certified environment or similar regulatory frameworks

Wondering if you’re a good fit? We believe in investing in our people and value candidates who can bring their diverse experiences to our teams – even if you aren't a 100% skill or experience match. Here are a few qualities we’ve found compatible with our team. If some of this describes you, we’d love to talk. 

You love to:

• Define technical vision and build programs that scale with organizational growth
• Mentor senior engineers and develop the next generation of security leaders
• Solve novel problems where industry best practices don't yet exist
• Make sound technical trade-offs between short-term security needs and long-term business goals

You're curious about:

• How agentic AI will transform vulnerability management in the next 5 years
• The strategic security challenges of specialized AI infrastructure at scale
• What makes security programs successful in hyper-growth environments
• How security decisions impact engineering velocity and customer trust

You're an expert in:

• Security program design and technical program scaling
• Strategic automation architecture and technical leadership
• Hardware vendor partnerships and industry influence
• Navigating technical disagreements with composure, listening and persuading through data and expertise

The base salary range for this role is $188,000 to $275,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).