Senior Application Security Engineer

Posted 8 Days Ago
Be an Early Applicant
4 Locations
Senior level
Cloud • Information Technology • Machine Learning
We empower creators and innovators with access to GPU resources they need to work more efficiently.
The Role
The Senior Application Security Engineer at CoreWeave will enhance security across internal infrastructure and applications by providing consultations, conducting code reviews, threat models, security testing, and leading audits. This role involves collaborating with various teams to address security challenges and improve the organization's security standards.
Summary Generated by Built In

CoreWeave is the AI Hyperscaler™, delivering a cloud platform of cutting edge services powering the next wave of AI. The company’s technology provides enterprises and leading AI labs with the most performant, efficient and resilient solutions for accelerated computing. Since 2017, CoreWeave has operated a growing footprint of data centers covering every region of the US and across Europe. CoreWeave was ranked as one of the TIME100 most influential companies of 2024.

As the leader in the industry, we thrive in an environment where adaptability and resilience are key. Our culture offers career-defining opportunities for those who excel amid change and challenge. If you’re someone who thrives in a dynamic environment, enjoys solving complex problems, and is eager to make a significant impact, CoreWeave is the place for you. Join us, and be part of a team solving some of the most exciting challenges in the industry. 

CoreWeave powers the creation and delivery of the intelligence that drives innovation. To learn more about our values, please visit our careers website.

About the role: 

Our Cyber Security Organization seeks an experienced Senior Application Security Engineer to bolster our security posture across internal infrastructure and application offerings. If you are passionate about security engineering and assurance methodologies and thrive in fast-paced, collaborative environments, we invite you to join us on our journey toward achieving more together.

What You’ll Do:

  • Provide security consultations with engineering peers
  • Architecture reviews of new and existing code changes/additions
  • Conduct full and complete threat models in part of the permit process
  • Configure and own automated code reviews
  • Own the manual code review process
  • On-going Security Testing
  • Risk documentation, remediation verification, and retest validation
  • Engage in the review of full tech-stack solutions, understanding architecture, creating threat models, performing both automated and manual code reviews, and conducting security testing.
  • Lead security audits, risk analysis, vulnerability testing, and security reviews across all elements of the project's software systems.
  • Address challenging, novel situations daily, collaborating with multiple technical teams within and outside CoreWeave.
  • Conduct Security Consults, Incident Response Plan Reviews, and Risk Documentation and Remediation Verification.
  • Configure, troubleshoot and maintain security infrastructure software and hardware.
  • Continuously analyze security systems for improvements, install monitoring software for security breaches and intrusions, and set up preventive measures.
  • Report possible threats or software issues, test company software, firmware, firewalls, and infrastructure setups.
  • Research weaknesses and devise countermeasures, finding cost-effective solutions to cybersecurity challenges.
  • Develop and improve security standards and best practices for the organization, educating and training staff on information system security best practices.
  • Assist employees with cybersecurity, software, hardware, or IT needs, providing solutions to complex issues in a fast-paced environment.

Investing in our people is one of our top priorities, and we value candidates who can bring their diversified experiences to our teams. Here are some qualities we’ve found compatible with our team. We'd love to talk about whether this aligns with your experience and Interests and what you’re excited to work on next.

Who You Are

 Minimum Qualifications:

  • You should be comfortable with a high degree of ambiguity and relish the idea of solving problems that haven't been solved at scale before
  • Bachelor’s degree in Computer Science or related field or equivalent experience
  • Minimum 5 years of Application Security engineering experience and vulnerability testing
  • Strong knowledge of authorization, authentication and encryption protocols and use cases
  • Experience working with development team(s) that have delivered commercial software or software-based services
  • Knowledge of threat modeling or other risk identification techniques
  • Knowledge of system security vulnerabilities and remediation techniques including familiarity with common attack patterns and exploitation techniques (OWASP)
  • Scripting skills (e.g., Perl, Python shell scripting)
  • Knowledge of network and related web protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
  • Ability to write fully functional exploits for common vulnerabilities such as simple stack overflow, cross-site scripting, or SQL injection
  • Familiarity with common attack patterns, exploitation techniques, and standard Security Assessment and Penetration Testing tools such as BurpSuite, Metasploit, and IDA Pro.
  • Proficiency of common security vulnerabilities and the ability to identify these vulnerabilities using SAST and DAST tools.
  • Proficiency in Security Engineering and Assurance methodologies e.g., fuzzing, static and dynamic code analysis.
  • Understanding of secure coding principles and practices and ability to review code for potential security issues.
  • Experience with Kubernetes and related security measures, extensive experience with Linux OS environments.
  • Strong technical background with a critical thinking mindset, excellent interpersonal, verbal, and written communication skills.

Nice-to-Have's:

  • Certifications such as Sec+, Net+, OSCP or other relevant industry certifications.
  • Experience with CrowdStrike, Synk, Rapid 7 Appsec, OSINT, Threat Intelligence.
  • Experience in DevSecOps and integrating security into CI/CD pipelines can be a plus.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $175,000-$210,000. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.

What We Offer

The range we’ve posted represents the typical compensation range for this role. To determine actual compensation, we review the market rate for each candidate which can include a variety of factors. These include qualifications, experience, interview performance, and location.

In addition to a competitive salary, we offer a variety of benefits to support your needs, including:

  • Medical, dental, and vision insurance - 100% paid for by CoreWeave
  • Company-paid Life Insurance 
  • Voluntary supplemental life insurance 
  • Short and long-term disability insurance 
  • Flexible Spending Account
  • Health Savings Account
  • Tuition Reimbursement 
  • Mental Wellness Benefits through Spring Health 
  • Family-Forming support provided by Carrot
  • Paid Parental Leave 
  • Flexible, full-service childcare support with Kinside
  • 401(k) with a generous employer match
  • Flexible PTO
  • Catered lunch each day in our office and data center locations
  • A casual work environment
  • A work culture focused on innovative disruption

Our Workplace

At CoreWeave, we are committed to operating as a hybrid workplace, offering employees flexibility in how they structure their time between in-office and remote work. We recognize the significance of fostering connections, collaboration, and creativity within our office culture and its positive impact on our business. Our philosophy operating as a hybrid workplace underscores our dedication to enabling employees to tailor work-life balance to their individual preferences.

For those who do not live within 30 miles of one of our offices, we are open to considering remote work for candidates whose skills and experience strongly align with the role. While we prioritize a hybrid work environment for most roles, we understand the importance of flexibility and are open to remote work for specific positions and specialized skill sets. Onboarding is essential to your success. New employees not based out of an office will be invited to attend onboarding training at one of our hubs within their first month of employment. We continue to foster a collaborative environment by bringing teams together quarterly.


California Consumer Privacy Act - California applicants only

CoreWeave is an equal opportunity employer, committed to fostering an inclusive and supportive workplace. All qualified applicants and candidates will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.

As part of this commitment and consistent with the Americans with Disabilities Act (ADA), CoreWeave will ensure that qualified applicants and candidates with disabilities are provided reasonable accommodations for the hiring process, unless such accommodation would cause an undue hardship. If reasonable accommodation is needed, please contact: [email protected].

Top Skills

Architecture
Security
Threat Modeling
Vulnerability Testing

What the Team is Saying

Alex
Andy
Sasha
Louis
Taylor
Anthony
Ivy
Darrell
Yitzy
Nicolas
Vaibhav
Robert
The Company
HQ: Roseland, NJ
806 Employees
Hybrid Workplace
Year Founded: 2017

What We Do

CoreWeave, the AI Hyperscaler™, delivers a cloud platform of cutting-edge software powering the next wave of AI. The company's technology provides enterprises and leading AI labs with cloud solutions for accelerated computing. Since 2017, CoreWeave has operated a growing footprint of data centers across the US and Europe. CoreWeave was ranked as one of the TIME100 most influential companies and featured on Forbes Cloud 100 ranking in 2024. Learn more at www.coreweave.com.

Why Work With Us

At CoreWeave we work hard, have fun and move fast! Today we are a small, growing team of intelligent, genuine people, that value different perspectives and approaches to solving complex problems. We foster an environment that champions collaboration and prioritizes innovative solutions. Here, you are surrounded by the best.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

CoreWeave Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: Flexible
HQRoseland, NJ
Bellevue, WA
Brooklyn, NY
London, UK
Philadelphia, PA
Sunnyvale, CA
Learn more

Similar Jobs

CoreWeave Logo CoreWeave

Senior Security Engineer, Infrastructure Security

Cloud • Information Technology • Machine Learning
4 Locations
806 Employees

CoreWeave Logo CoreWeave

Staff Security Engineer, Offensive Security

Cloud • Information Technology • Machine Learning
4 Locations
806 Employees

CoreWeave Logo CoreWeave

Cloud Support Engineer

Cloud • Information Technology • Machine Learning
4 Locations
806 Employees

CoreWeave Logo CoreWeave

Tech Lead Manager, PKI & Secrets Engineering

Cloud • Information Technology • Machine Learning
4 Locations
806 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account