Application Security Engineer

Summary

Join CoreWeave, a leading AI hyperscaler, and contribute to the development of cutting-edge applications and platforms. As an Application Security Engineer, you will be responsible for ensuring the security of our applications by conducting architecture reviews, security assessments, and code reviews. You will also develop secure coding practices and collaborate with development teams to integrate security into their CI/CD pipelines. This role requires at least 3 years of experience in application security, strong skills in secure coding reviews and threat modeling, and experience with modern development environments, containers, microservices, and CI/CD pipelines. Preferred qualifications include hands-on experience with Kubernetes security, familiarity with SAST/DAST tools, and a deep understanding of cloud-native security challenges and solutions. CoreWeave offers a competitive salary, comprehensive benefits, and a hybrid work environment.

Requirements

• At least 3 years of experience directly focused on securing the software lifecycle
• Strong skills in application architecture, secure coding reviews, and threat modeling
• Solid experience developing secure applications or security tooling in Go, Python, or similar modern languages
• Proven experience collaborating with developers to implement secure coding practices
• Excellent ability to negotiate and reach consensus with developers and fellow security practitioners, as well as excellent documentation skills
• Familiarity with modern development environments, containers, microservices, and CI/CD pipelines

Responsibilities

• You'll unravel and tackle application security challenges at an exhilarating scale
• You'll collaborate with exceptional engineers developing cutting-edge applications and platforms
• You'll enjoy the freedom and support to experiment, innovate, and significantly shape our approach to securing applications
• Conducting architecture reviews, security assessments, and code reviews to proactively identify and fix vulnerabilities in our applications
• Developing robust, repeatable frameworks for application security that make it easy for teams to build securely from day one
• Collaborating closely with development teams to integrate security seamlessly into their CI/CD pipelines
• Crafting clear, practical security guidance and documentation that empowers developers
• Actively participating in architectural discussions and providing insightful security recommendations
• Occasionally, 'drawing the owl' - figuring out innovative solutions while navigating ambiguous situations

Preferred Qualifications

• Hands-on experience with Kubernetes security, especially as it relates to being a YAML engineer
• Familiarity with SAST/DAST and other automated application security testing tools
• Deep understanding of cloud-native security challenges and solutions

Benefits

• Medical, dental, and vision insurance - 100% paid for by CoreWeave
• Company-paid Life Insurance
• Voluntary supplemental life insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Health Savings Account
• Tuition Reimbursement
• Mental Wellness Benefits through Spring Health
• Family-Forming support provided by Carrot
• Paid Parental Leave
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our office and data center locations
• A casual work environment
• A work culture focused on innovative disruption