Application Security Engineer

Brooklyn, NY, United States

CoreWeave is a specialized cloud provider, delivering a massive scale of GPU compute resources on top of the industrys fastest and most flexible infrastructure. CoreWeave builds cloud solutions for compute intensive use cases VFX and rendering, machine learning and AI, batch processing, and Pixel Streaming that are up to 35 times faster and 80% less expensive than the large, generalized public clouds. Learn more at www.coreweave.com.

This role is ideally based out of our NJ or Brooklyn office, but we are open to remote candidates as well.

About the role:

Our Cyber Security Organization is seeking a seasoned Application Security Engineer to bolster our security posture across internal infrastructure and application offerings. If you are passionate about security engineering, assurance methodologies, and thrive in fast-paced, collaborative environments, we invite you to be a part of our journey towards achieving more together.

Reporting to the Chief Information Security Officer, this role offers the flexibility of working remotely or being based in our offices in Roseland, NJ or Brooklyn, NY, with occasional travel required between these locations and potentially outside (up to 10%) as needed.

Key Responsibilities:

Provide security consultations with engineering peers

Architecture reviews of new and existing code changes/additions

Conduct full and complete threat models in part of the permit process

Configure and own automated code reviews

Own the manual code review process

On-going Security Testing

Risk documentation, remediation verification and retest validation

Additional Details:

Engage in the review of full tech-stack solutions, understanding architecture, creating threat models, performing both automated and manual code reviews, and conducting security testing

Lead security audits, risk analysis, vulnerability testing, and security reviews across all elements of project's software systems

Address challenging, novel situations daily, collaborating with multiple technical teams within and outside CoreWeave

Conduct Security Consults, Incident Response Plan Reviews, and Risk Documentation and Remediation Verification

Configure, troubleshoot, and maintain security infrastructure software and hardware

Continuously analyze security systems for improvements, install monitoring software for security breaches and intrusions, and set up preventive measures

Report possible threats or software issues, test company software, firmware, firewalls, and infrastructure setups

Research weaknesses and devise countermeasures, finding cost-effective solutions to cybersecurity challenges

Develop and improve security standards and best practices for the organization, educating and training staff on information system security best practices

Assist employees with cybersecurity, software, hardware, or IT needs, providing solutions to complex issues in a fast-paced environment

Qualifications:

You should be comfortable with a high degree of ambiguity and relish the idea of solving problems that haven't been solved at scale before

Bachelors degree in Computer Science or related field or equivalent experience

5 years of Application Security engineering experience and vulnerability testing

Strong knowledge of authorization, authentication and encryption protocols and use cases

Experience working with development team(s) that have delivered commercial software or software-based services

Knowledge of threat modeling or other risk identification techniques

Knowledge of system security vulnerabilities and remediation techniques including familiarity with common attack patterns and exploitation techniques (OWASP)

Scripting skills (e.g., Perl, Python shell scripting)

Knowledge of network and related web protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)

Ability to write fully functional exploits for common vulnerabilities such as simple stack overflow, cross-site scripting, or SQL injection

Familiarity with common attack patterns, exploitation techniques, and standard Security Assessment and Penetration Testing tools such as BurpSuite, Metasploit, and IDA Pro

Proficiency of common security vulnerabilities and the ability to identify these vulnerabilities using SAST and DAST tools

Proficiency in Security Engineering and Assurance methodologies e.g., fuzzing, static and dynamic code analysis

Understanding of secure coding principles and practices and ability to review code for potential security issues

Experience with Kubernetes and related security measures, extensive experience with Linux OS environments

Strong technical background with a critical thinking mindset, excellent interpersonal, verbal, and written communication skills

Nice-to-Have's:

Certifications such as Sec+, Net+, OSCP or other relevant industry certifications

Experience with CrowdStrike, Synk, Rapid 7 Appsec, OSINT, Threat Intelligence

Experience in DevSecOps and integrating security into CI/CD pipelines can be a plus

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $150,000/year in our lowest geographic market up to $180,000/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.

Why CoreWeave?

At CoreWeave, we work hard, have fun, and move fast! Were in an exciting stage of hyper-growth that you will not want to miss out on. Were not afraid of a little chaos, and were constantly learning. Our team cares deeply about how we build our product and how we work together, which is represented through our core values:

Be Curious at your Core

Act like an Owner

Empower Employees

Deliver Best In-Class Client Experience

Achieve More Together

We support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that encourages collaboration and provides the opportunity to develop innovative solutions to complex problems. As we get set for take off, the growth opportunities within the organization are constantly expanding. You will be surrounded by some of the best talent in the industry, who will want to learn from you, too. Come join us!

Benefits

We offer a competitive salary and benefits, including:

Medical, dental and vision insurance - 100% paid for the employee

Company paid Life Insurance

Voluntary supplemental life insurance

Short and long-term disability insurance

Flexible Spending Account

Mental Wellness Benefits through Spring Health

Family-Forming support provided by Carrot

Paid Parental Leave

Flexible, full-service childcare support with Kinside

401(k) with a generous employer match

Flexible PTO

Catered lunch each day in our offices

Weekly massages in NJ office

A casual work environment

Work culture focused on innovative disruption

California Consumer Privacy Act - California applicants only

CoreWeave is an equal opportunity employer, committed to our diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.