Vulnerability Management Engineer

CoreWeave is the AI Hyperscaler™, delivering a cloud platform of cutting edge services powering the next wave of AI. Our technology provides enterprises and leading AI labs with the most performant, efficient and resilient solutions for accelerated computing. Since 2017, CoreWeave has operated a growing footprint of data centers covering every region of the US and across Europe. CoreWeave was ranked as one of the TIME100 most influential companies of 2024.

As the leader in the industry, we thrive in an environment where adaptability and resilience are key. Our culture offers career-defining opportunities for those who excel amid change and challenge. If you’re someone who thrives in a dynamic environment, enjoys solving complex problems, and is eager to make a significant impact, CoreWeave is the place for you. Join us, and be part of a team solving some of the most exciting challenges in the industry.  

CoreWeave powers the creation and delivery of the intelligence that drives innovation. 

About the role:

Are you ready to embark on an exhilarating journey of shaping the future of cloud computing? At CoreWeave, we're not just another cloud provider - we're pioneers revolutionizing the industry by putting bleeding edge GPU technology on top of the industry's fastest and most adaptable infrastructure. We are on the hunt for remarkable engineers  for our Vulnerability Management program, who share our passion and possess deep subject matter expertise in the realm of cybersecurity, specifically in the securing of Kubernetes and High Performance Computing Networks along with compliance requirements enterprise customers expect of Cloud Computing platforms. 

Kubernetes and high-performance network connectivity form the core of the CoreWeave platform. Leveraging this robust foundation, our customers develop AI/ML and High Performance Computing workloads. As a vulnerability engineer, your role is to help measure and maintain the security posture of CoreWeave from both an enterprise and product perspective using automation. You will also guide the company  in implementing best practices to manage and address vulnerabilities in both the enterprise and product through penetration tests. 

Your role will not only be to engage our internal Security teams, but to also align closely with our engineering teams. You will offer valuable vulnerability insights and have the chance to contribute directly to our security posture by helping to proactively identify vulnerabilities and issues of concern.

If you're driven by innovation, thrilled by the possibilities of what specialized compute can enable, and eager to be part of a team that's shaping the future, then CoreWeave is the place for you. Join us and let's embark on this adventure together!

What You'll Do:

• Be a high-functioning individual contributor responsible for securing CoreWeave and its infrastructure.
• Help implement vulnerability management program policies and procedures.
• Perform proactive  vulnerability identification and prioritization as a part of the vulnerability management program using  an impact-driven approach.
• Perform internal vulnerability prioritization and recommend fixes amongst internal stakeholders/support teams.
• Stay abreast of the latest developments, vulnerabilities and threats  in cloud computing,infrastructure and cyber security.
• Track, maintain and  report on vulnerability management SLAs against CoreWeave Security’s customer contractual agreements and Terms of Service.

Wondering if you’re a good fit? We believe in investing in our people, and value candidates who can bring their own diversified experiences to our teams – even if you aren't a 100% skill or experience match. Here are a few qualities we’ve found compatible with our team. If some of this describes you, we’d love to talk. 

• 5+ years of experience in cybersecurity, vulnerability management, or cloud security.
• Deep expertise in securing Kubernetes clusters, container runtimes, and orchestrators.
• You’re familiar with securing containerization technologies such as Kubernetes and Docker as well as performing vulnerability scanning and misconfiguration analysis on Kubernetes clusters and containerized workloads.
• Strong knowledge of Kubernetes security frameworks (CIS Benchmarks, Pod Security Standards, OPA/Gatekeeper, Kyverno).
• Strong understanding of CVSS scoring, patch management, and risk assessment methodologies.
• You have proven experience as a cybersecurity professional with a focus on vulnerability management and remediation programs.
• You have strong technical expertise in cybersecurity, cloud computing concepts, architecture, and technologies, and some hands-on experience in designing and implementing cloud solutions.
• You have deep experience with MacOS and/or Linux system administration
• You communicate clearly and with empathy, and have a knack for talking about complex technical concepts to both technical and non-technical audiences
• You like tackling a gnarly problem. You can analyze complex situations and develop creative and effective solutions.
• You get it done. You’re self-motivated, proactive, and able to work independently and within a high-functioning team.
• Knowledge of scripting languages such as Python or shell (bash/sh)
• Strong experience with Vulnerability Management Platforms such as Rapid7
• Experience with Center for Internet Security (CIS) benchmarks for secure configurations.
• Practical experience with compliance and regulatory frameworks (e.g. SOC2, ISO 27001, GDPR, HIPAA, HITRUST, FedRAMP).
• Relevant certifications such as CISSP, CISM, or CEH are a plus
• Experience with automation and orchestration tools, such as Ansible, Terraform, or Kubernetes, is valuable.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $140,000-$190,000. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. This position also includes a discretionary bonus, equity, and a comprehensive benefits package.

What We Offer

The range we’ve posted represents the typical compensation range for this role. To determine actual compensation, we review the market rate for each candidate which can include a variety of factors. These include qualifications, experience, interview performance, and location.

In addition to a competitive salary, we offer a variety of benefits to support your needs, including:

• Medical, dental, and vision insurance - 100% paid for by CoreWeave
• Company-paid Life Insurance 
• Voluntary supplemental life insurance 
• Short and long-term disability insurance 
• Flexible Spending Account
• Health Savings Account
• Tuition Reimbursement 
• Mental Wellness Benefits through Spring Health 
• Family-Forming support provided by Carrot
• Paid Parental Leave 
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our office and data center locations
• A casual work environment
• A work culture focused on innovative disruption

Our Workplace

While we prioritize a hybrid work environment, remote work may be considered for candidates located more than 30 miles from an office, based on role requirements for specialized skill sets. New hires will be invited to attend onboarding at one of our hubs within their first month. Teams also gather quarterly to support collaboration

California Consumer Privacy Act - California applicants only

CoreWeave is an equal opportunity employer, committed to fostering an inclusive and supportive workplace. All qualified applicants and candidates will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.

As part of this commitment and consistent with the Americans with Disabilities Act (ADA), CoreWeave will ensure that qualified applicants and candidates with disabilities are provided reasonable accommodations for the hiring process, unless such accommodation would cause an undue hardship. If reasonable accommodation is needed, please contact: careers@coreweave.com.