overlay
Director, Security Engineering
Information Technology/Cyber
hybrid: Roseland
added Sat Oct 14, 2023
link-outApply to CoreWeave

Description:

The Director, Security Engineering at CoreWeave will be responsible for designing, building and supporting the security infrastructure and supporting security features of the CoreWeave Cloud and associated technologies. This role is a high visibility role and of the utmost importance for ensuring CoreWeave builds leading security capabilities in order to protect the infrastructure and assets running the world-leading specialized GPU cloud. This position is new to the Organization and the successful candidate will be able to identify needs, build a team and execute on a plan to deliver the aforementioned responsibilities.

Core role responsibilities include, but are not limited to:

  • Develop and execute a comprehensive security strategy and roadmap that aligns with the CoreWeave’s goals and objectives. Manage Security Engineering’s core projects through the entire project lifecycle.
  • Recruit, lead, and manage the Security Engineering team, provide guidance, mentorship, and direction to ensure the team's success. Ability to conduct technical interviews to help identify and recruit top technical security professionals is a must.
  • Lead and develop a team of security engineers; provide technical leadership through hands-on development work and execution. A successful candidate in this role is also a technical leader, meaning you are not afraid to get your hands dirty.
  • Collaborate with CoreWeave’s Engineering, Product, Legal, IT, Internal Audit and other teams to integrate security best practices into the development and deployment of products and services.
  • Monitor industry trends, threat intelligence, and regulatory changes in order to adapt Security Engineering’s goals and objectives to rapidly address emerging security challenges.
  • Evaluate the efficacy of third-party and internally developed security controls.
  • Utilize security automation, scripting, and third-party tools as a force multiplier in tackling large-scale security issues. Additionally, identify opportunities for security automation in repeatable processes.
  • Define and improve CoreWeave’s cybersecurity policies, standards, baselines, and secure design documentation.
  • Identify and assess potential security risks and vulnerabilities associated with the company's platform, systems, and infrastructure through thread modeling and security assessments, as well as design programs and initiatives to mitigate security risks and increase security hardening on new and existing builds.
  • Communicate nuanced and wide-spread security issues to a diverse audience of technical and non-technical leaders.

Minimum Qualifications & Experience:

  • A minimum of 8+ years of experience in security engineering, with at least 3+ years in a security leadership role.
  • Bachelor’s Degree in Computer Science, Engineering, or other related discipline or 8+ years of previous technical experience, specifically security engineering and architecture experience.
  • Proven track record of developing a highly effective technical team of security engineers.
  • Exceptional technical skills as well as verbal and written communication skills, specifically the ability to communicate within the context of the intended audience, whether that be senior executives or highly technical engineering resources.
  • Thorough understanding of OWASP Top 10 and the MITRE ATT&CK framework, including threats faced by cloud service providers and digital platform organizations.
  • 5+ years hands-on experience in managing enterprise security tools such as Vulnerability Management Tools, Network Security Tools, Security Orchestration solutions, Security Information and Event Monitoring (SIEM), PKI, VPN, etc.
  • Hands-on technical experience with Kubernetes infrastructure, on-premises network and compute architectures and, specifically, the security aspects thereof.
  • Define KPIs and business metrics which ensures that information security provides great service to its internal customers, especially engineering stakeholders.
  • Hands on technical experience with compliance and regulatory frameworks (e.g. SOC2, ISO, GDPR, HIPAA, HITRUST, FedRAMP) and how they affect architecture designs and reviews.
  • You hold security certifications in one or more of the following:
    • ITIL Foundation, Project+, CAPM, GIAC Cloud Security Automation (GCSA), Certified Kubernetes Security Specialist (CKS), Kubernetes and Cloud Security Associate (KCSA), Certified Kubernetes Administrator (CKA), OSCP, OSCE, CRTO, CISSP, CASP, GIAC Penetration Tester Certification (GPEN), GIAC Certified Project Manager (GCPM), GIAC Security Operations Manager Certification (GSOM), GIAC Security Leadership (GSLC), GIAC Strategic Planning, Policy, and Leadership (GSTRT), GIAC Systems and Network Auditor Certification (GSNA), GIAC Cloud Security Automation (GCSA), GIAC Certified Incident Handler Certification (GCIH), GIAC Experienced Incident Handler (GX-IH)

This position requires the resource to be on-site at least three days a week. The Director for Security Engineering will be ingrained within the core of the Engineering and Security teams. There will be times where the resource needs to be available outside of regular business hours to support critical issues, projects or meetings. CoreWeave is a fast growth startup, and the selected candidate is willing to be flexible for when they are needed.

Why CoreWeave?

At CoreWeave, we work hard, have fun, and move fast! We’re in an exciting stage of hyper-growth that you will not want to miss out on. We’re not afraid of a little chaos, and we’re constantly learning. Our team cares deeply about how we build our product and how we work together, which is represented through our core values:

  • Be Curious at your Core
  • Act like an Owner
  • Empower Employees
  • Deliver Best In-Class Client Experience
  • Achieve More Together

We support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that encourages collaboration and provides the opportunity to develop innovative solutions to complex problems. As we get set for take off, the growth opportunities within the organization are constantly expanding. You will be surrounded by some of the best talent in the industry, who will want to learn from you, too. Come join us!

Benefits

We offer a competitive salary and benefits, including:

  • Medical, dental and vision insurance - 100% paid for the employee
  • Life Insurance
  • Short and long-term disability insurance
  • Flexible Spending Account
  • Flexible, full-service childcare support with Kinside
  • 401(k) with a generous employer match
  • Flexible PTO
  • Catered lunch each day in our offices
  • Weekly massages in NJ office
  • A casual work environment
  • Work culture focused on innovative disruption

California Consumer Privacy Act - California applicants only

CoreWeave is an equal opportunity employer, committed to our diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.

CoreWeave is a specialized cloud provider, delivering a massive scale of GPUs on top of the industry’s fastest and most flexible infrastructure.