Staff Security Engineer, Vulnerability Management
$188k - $275kCoreWeave
CoreWeave is The Essential Cloud for AI™. Built for pioneers by pioneers, CoreWeave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, CoreWeave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, CoreWeave became a publicly traded company (Nasdaq: CRWV) in March 2025. Learn more at What You’ll Do We are seeking a Staff Security Engineer to lead the most complex technical work in CoreWeave’s Vulnerability Management program. You will design and implement scalable triage, prioritization, and remediation‑tracking systems across application, infrastructure, and hardware domains. You will set technical standards, drive high‑impact initiatives, and mentor engineers through technical leadership, while partnering with leadership on priorities and execution risks. About The Role Lead high‑complexity VM technical initiatives and deliver architecture decisions for assigned program areas Design and build scalable triage automation, including integrations, decision logic, and production hardening Implement end‑to‑end workflow components from assessment and detection to ticket routing and remediation tracking Provide deep technical leadership on hardware‑adjacent vulnerabilities (GPU firmware, DPU firmware/BlueField, and BMC surfaces) Act as senior technical responder for embargoed disclosures and zero‑day events, coordinating with owner teams that deploy fixes Improve prioritization logic, severity models, and exception workflows through code, design reviews, and technical proposals Produce actionable technical metrics and risk insights for leadership consumption Lead root‑cause analysis for high‑impact vulnerability incidents and implement durable technical improvements Mentor IC3/IC4/IC5 engineers through design guidance, code review, and incident coaching Partner with security, engineering, and operational stakeholders to improve workflow reliability and accelerate remediation outcomes Who You Are 9+ years of relevant experience with demonstrated strategic impact in vulnerability management, application security, platform security, or cloud security engineering Proven track record building and scaling security automation (SOAR workflows, AI/ML systems, detection pipelines) in production environments Deep subject matter expertise with vulnerability management best practices: CVSS, EPSS, CISA KEV, threat intelligence integration, and risk‑based prioritization frameworks Excellent development background with strong coding skills in Python, Go, or similar languages for building scalable, production‑grade security systems Significant experience with modern vulnerability management tooling (for example Wiz, Semgrep, Rapid7, Tenable, or equivalent) Experience with specialized infrastructure: GPU/DPU environments, firmware security, hardware vulnerabilities, or high‑performance computing Demonstrated track record mentoring engineers across levels and driving cross‑functional technical initiatives at organizational scale Strong business acumen and understanding of how security decisions impact engineering velocity, customer trust, and business outcomes Preferred Practical experience building AI/ML‑powered security systems (LLM integration, automated decision‑making, human‑in‑the‑loop validation) in production Experience managing hardware vendor security partnerships (embargoed disclosures and pre‑release collaboration) Production experience with security automation platforms such as TINES and serverless frameworks (AWS Lambda, GCP Cloud Functions) Strong DevOps, DevSecOps, or SRE background with deep experience in AWS/GCP/Azure cloud services and Infrastructure as Code (Terraform, CloudFormation) Deep understanding of Kubernetes security (container scanning, admission controllers, supply chain security, runtime protection) Experience leading security programs through rapid hypergrowth (10x+ infrastructure scaling) in startup or cloud‑native environments Practical experience managing vulnerabilities within a FedRAMP‑certified environment or similar regulatory frameworks What We Offer The base salary range for this role is $188,000 to $275,000. The starting salary will be determined based on job‑related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility). In addition to a competitive salary, we offer a variety of benefits to support your needs, including: Medical, dental, and vision insurance – 100% paid for by CoreWeave Company‑paid Life Insurance Voluntary supplemental life insurance Short and long‑term disability insurance Flexible Spending Account Health Savings Account Tuition Reimbursement Ability to Participate in Employee Stock Purchase Program (ESPP) Mental Wellness Benefits through Spring Health Family‑Forming support provided by Carrot Paid Parental Leave Flexible, full‑service childcare support with Kinside 401(k) with a generous employer match Flexible PTO Catered lunch each day in our office and data center locations A casual work environment A work culture focused on innovative disruption Our Workplace While we prioritize a hybrid work environment, remote work may be considered for candidates located more than 30 miles from an office, based on role requirements for specialized skill sets. New hires will be invited to attend onboarding at one of our hubs within their first month. Teams also gather quarterly to support collaboration. California Consumer Privacy Act – California applicants only CoreWeave is an equal opportunity employer, committed to fostering an inclusive and supportive workplace. All qualified applicants and candidates will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. As part of this commitment and consistent with the Americans with Disabilities Act (ADA), CoreWeave will ensure that qualified applicants and candidates with disabilities are provided reasonable accommodations for the hiring process, unless such accommodation would cause an undue hardship. If reasonable accommodation is needed, please contact: View email address on click.appcast.io. Export Control Compliance This position requires access to export controlled information. To conform to U.S. Government export regulations applicable to that information, applicant must either be (A) a U.S. person, defined as a (i) U.S. citizen or national, (ii) U.S. lawful permanent resident (green card holder), (iii) refugee under 8 U.S.C. 1157, or (iv) asylee under 8 U.S.C. 1158, (B) eligible to access the export controlled information without a required export authorization, or (C) eligible and reasonably likely to obtain the required export authorization from the applicable U.S. government agency. CoreWeave may, for legitimate business reasons, decline to pursue any export licensing process. 1157, or (iv) asylee under 8 U.S.C. 1158 (B) eligible to access the export controlled information without a required export authorization, or (C) eligible and reasonably likely to obtain the required export authorization from the applicable U.S. government agency #J-18808-Ljbffr CoreWeave
- Okta, located in New York City, is looking for a Staff Product Security Engineer to safeguard its products through comprehensive security reviews... ...role will conduct penetration testing and identify vulnerabilities while mentoring junior engineers and representing Okta...Suggested
$207k - $301k
...experience. 8 years of experience with security engineering, computer and network security and... ...enterprise environment. Experience in people management. Preferred qualifications... ...identify and fix security flaws and vulnerabilities. You are a recognized expert in at least...SuggestedTemporary work$78k - $135k
Coalfire, located in Chicago, Illinois, is seeking a Vulnerability Management professional to oversee the lifecycle of security programs and manage compliance with key frameworks. Ideal candidates will have 3-5 years of experience in security operations and a strong understanding...Suggested- Alignerr is seeking a Vulnerability Management Analyst to help train and evaluate AI models by analyzing CVEs, exposure scenarios, and remediation... ...flexible scheduling and global collaboration for qualified security practitioners. You will classify risk, validate patching...SuggestedRemote jobHourly payContract workFlexible hours
$78k - $135k
What You'll Do Manage Plan of Action & Milestones (POA&Ms) lifecycle including creation... ...Collect, organize, and maintain security control evidence and artifacts for monthly... ...supporting risk assessments Translate technical vulnerability findings into risk‑based language for...SuggestedWork experience placement- A technical staffing firm is seeking an IT Analyst for a remote contract position. The role involves reviewing Tenable Vulnerability Management systems, analyzing reports, prioritizing remediation efforts, and coordinating with technical teams. Ideal candidates should...Remote jobContract work
$100k - $145k
Application Vulnerability & Obsolescence Analyst Talan is an international consulting and technology... ...CIB clients in keeping their software secure and up to date. The ideal candidate has... ...risk and application lifecycle management. Qualifications Bachelor’s degree in...Worldwide- EVERSANA India Pvt. Ltd is looking for an IT Security professional to recommend and install... ...cyberattacks. You will conduct vulnerability analysis, monitor systems, and collaborate... ...the compliance team to ensure risk is managed effectively. The ideal candidate has at...
- ManpowerGroup is seeking a Vulnerability Management Analyst to oversee Enterprise Payments vulnerabilities. This remote position requires expertise in the Brinqa Vulnerability tool and advanced Excel skills to effectively lead remediation efforts and analyze vulnerability...Remote job
- New York University is seeking a Vulnerability Management Analyst 2 to join Security Operations and drive effective vulnerability identification and remediation. You will leverage advanced tools and workflows to identify impacted systems and optimize processes, collaborating...Remote job
$110k - $130k
Position Title Vulnerability Management Analyst 2 Posting Information Posting Number: 2026-15806 Location... ...more than 60% of time Department: Security Operations School/Division: NYU IT (... ...Studio, Internet of Things search engines (e.g. Censys, Shodan), scanning a large...Full timePart timeWork experience placementRemote work- Experis US LLC is looking for a Vulnerability Management Analyst to manage vulnerabilities in Enterprise Payments. This role involves reviewing... ...financial services sector. This position is crucial for enhancing the security of our applications. #J-18808-Ljbffr Experis US LLCRemote job
$188k - $275k
A leading cloud computing company in New York seeks a Staff Security Engineer to lead complex vulnerability management initiatives. You will design automated triage systems, mentor engineers, and ensure security across infrastructures. With over 9 years of experience in...Remote work- About Us Turnkey builds secure, developer-first infrastructure for private key management, making it simple to create wallets... ...Senior Application Security Engineer to join Turnkey's team and help... ...Auditing and surfacing vulnerabilities in our current products Conducting...Work at office
- QUANTEAM - North America (RAINBOW PARTNERS Group) is seeking a Vulnerability & Patch Management Analyst to join their New York team. The successful candidate will manage the end-to-end VPM program, working closely with network teams and IT stakeholders in a global financial...
$225k - $275k
...compounding interest. Affirm values information security as a critical part of the company’s... ...source code to identify security vulnerabilities and provide recommendations for secure... ...cross-team projects into individual tasks. Manage scope across teams and drive toward...Work at officeRemote workFlexible hours$180k - $247.5k
Secure Every Identity, from AI to Human Identity is the key to unlocking the... .... If you are too, let's talk. The Staff Product Security Engineer Opportunity As a Staff Product Security... ..., and handling externally reported vulnerabilities. You will engage in code reviews,...Local areaWorldwideFlexible hours- Oscar Health is seeking a Senior Product Security Engineer 1 to join our Security Team in New York City. You will lead security across... .... You will mentor junior engineers, review code, drive vulnerability management, and build risk-based security controls. The role...
$100k - $110k
Sony Music Entertainment in New York is seeking a Cyber Security Testing Analyst to contribute to security testing efforts. You... ...cyber security, focusing on technical security testing and vulnerability management. The position offers an annual salary range of $100,000 to...- ...Active Directory/ Priviledge Access Management Lead Engineer for one of our top tier global clients... ...and managing Active Directory security controls and hardening initiatives... ...remediating Active Directory security vulnerabilities and misconfigurations Experience working...Long term contractWork experience placementLocal area
- The ServiceNow Identity Security Engineer supports the implementation, configuration, and ongoing delivery of identity security solutions... ...insights with cybersecurity programs such as exposure management, vulnerability management, or security operations Develop direct...Remote work
$210k - $230k
...into the Director, Information Security and build relationships with... ...and remediate application vulnerabilities. This individual contributor... ...posture and enable our engineers to code safely. Innovate with... ...safe coding and vulnerability management Assist penetration testing initiatives...Full timeWork at officeFlexible hours- ...entire firm adopts AI securely. This is a 50/50... ...automating threat detection, vulnerability triage, incident... ...triage, vulnerability management, and incident... ...security copilots for engineering teams that perform real... ...impact at a senior or staff level. 3+ years of hands...Contract work
$204k - $240k
...Range $204,000.00 - $240,000.00 Role Summary Etsy is seeking a Staff Security Engineer to join our Security Operations team. As part of the larger... ...and infrastructure. Security Operations is responsible for managing our strategy, technologies, and execution of threat...Full timeLocal areaVisa sponsorship$160k - $190k
...Mission or Department Overview The newsroom security engineer within Cybersecurity is a hands‑on... ...the Cybersecurity department, you will manage complex projects end‑to‑end. You will also... ...strengthen protections for newsroom staff while supporting efficient journalistic...Work at officeLocal areaFlexible hours$217k - $255k
...keep reading. The Red Team’s mission is to identify and reduce real-world security risks across Robinhood by simulating adversary behavior and testing defenses. As a Staff Offensive Security Engineer, you will plan and execute security assessments across applications,...Work at officeShift work3 days per week- Nscale, based in New York, is hiring a Staff Security Engineer to focus on Endpoint and Device Security. You'll build the security foundation for employees, ensuring secure, reliable configurations across various devices. The ideal candidate will have over 7 years in endpoint...
- Etsy is seeking a Staff Security Engineer to join our Security Operations team in New York City. This full-time position focuses on protecting... ...include enhancing detection processes, threat hunting, and managing incident responses while mentoring colleagues. A successful...Full time
$240k - $300k
Staff Security Engineer | Series A Cloud Platform Company | NYC (Onsite) Are you a software engineer who loves solving complex cloud and container security challenges? I’m partnered with a well‑funded, fast‑growing Series A cloud platform startup in NYC that is hiring its...$196k - $245k
...opportunities, join us, and build real world value. As a Staff Security Engineer within the Secure Digital Asset Operations (SDAO) function... ...off‑chain transactions. Strong working knowledge of key management solutions (MPC, HSM, etc.), cryptography, and key lifecycle...Full timeContract workWork at officeLocal area
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Staff Security Engineer, Vulnerability Management. Be the first to apply!
- assistant chief engineer New York, NY
- technology administrator New York, NY
- project engineer assistant project manager New York, NY
- staff security engineer New York, NY
- engineering aide New York, NY
- senior staff systems engineer New York, NY
- staff design engineer New York, NY
- research assistant engineering New York, NY
- staff data engineer New York, NY
- assistant engineering manager New York, NY
