Senior Application Security Engineer

Summary

Join CoreWeave's Cyber Security Organization as a Senior Application Security Engineer to strengthen our security posture across internal infrastructure and applications. You will provide security consultations, conduct threat modeling and code reviews, lead security audits, and address novel security challenges. This role requires 5+ years of application security engineering experience, strong knowledge of security protocols, and proficiency in various security testing methodologies. CoreWeave offers a competitive salary ($175,000-$210,000), comprehensive benefits including 100% employer-paid medical, dental, and vision insurance, paid parental leave, flexible PTO, and a hybrid work environment. We value candidates who thrive in dynamic environments and enjoy solving complex problems. CoreWeave is committed to fostering an inclusive and supportive workplace.

Requirements

• Be comfortable with a high degree of ambiguity and relish the idea of solving problems that haven't been solved at scale before
• Bachelor’s degree in Computer Science or related field or equivalent experience
• 5 years of Application Security engineering experience and vulnerability testing
• Strong knowledge of authorization, authentication and encryption protocols and use cases
• Experience working with development team(s) that have delivered commercial software or software-based services
• Knowledge of threat modeling or other risk identification techniques
• Knowledge of system security vulnerabilities and remediation techniques including familiarity with common attack patterns and exploitation techniques (OWASP)
• Scripting skills (e.g., Perl, Python shell scripting)
• Knowledge of network and related web protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Ability to write fully functional exploits for common vulnerabilities such as simple stack overflow, cross-site scripting, or SQL injection
• Familiarity with common attack patterns, exploitation techniques, and standard Security Assessment and Penetration Testing tools such as BurpSuite, Metasploit, and IDA Pro
• Proficiency of common security vulnerabilities and the ability to identify these vulnerabilities using SAST and DAST tools
• Proficiency in Security Engineering and Assurance methodologies e.g., fuzzing, static and dynamic code analysis
• Understanding of secure coding principles and practices and ability to review code for potential security issues
• Experience with Kubernetes and related security measures, extensive experience with Linux OS environments
• Strong technical background with a critical thinking mindset, excellent interpersonal, verbal, and written communication skills

Responsibilities

• Provide security consultations with engineering peers
• Conduct architecture reviews of new and existing code changes/additions
• Conduct full and complete threat models in part of the permit process
• Configure and own automated code reviews
• Own the manual code review process
• Perform on-going Security Testing
• Conduct risk documentation, remediation verification, and retest validation
• Engage in the review of full tech-stack solutions, understanding architecture, creating threat models, performing both automated and manual code reviews, and conducting security testing
• Lead security audits, risk analysis, vulnerability testing, and security reviews across all elements of the project's software systems
• Address challenging, novel situations daily, collaborating with multiple technical teams within and outside CoreWeave
• Conduct Security Consults, Incident Response Plan Reviews, and Risk Documentation and Remediation Verification
• Configure, troubleshoot and maintain security infrastructure software and hardware
• Continuously analyze security systems for improvements, install monitoring software for security breaches and intrusions, and set up preventive measures
• Report possible threats or software issues, test company software, firmware, firewalls, and infrastructure setups
• Research weaknesses and devise countermeasures, finding cost-effective solutions to cybersecurity challenges
• Develop and improve security standards and best practices for the organization, educating and training staff on information system security best practices
• Assist employees with cybersecurity, software, hardware, or IT needs, providing solutions to complex issues in a fast-paced environment

Preferred Qualifications

• Certifications such as Sec+, Net+, OSCP or other relevant industry certifications
• Experience with CrowdStrike, Synk, Rapid 7 Appsec, OSINT, Threat Intelligence
• Experience in DevSecOps and integrating security into CI/CD pipelines

Benefits

• Medical, dental, and vision insurance - 100% paid for by CoreWeave
• Company-paid Life Insurance
• Voluntary supplemental life insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Health Savings Account
• Tuition Reimbursement
• Mental Wellness Benefits through Spring Health
• Family-Forming support provided by Carrot
• Paid Parental Leave
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our office and data center locations
• A casual work environment
• A work culture focused on innovative disruption
• Hybrid work environment
• Remote work considered for candidates outside 30 miles of office, with onboarding in person