Security Assurance Engineering - Senior Security Production Engineer

About The Position

Requirements

• A Bachelor’s degree in Information Security, Computer Science, or a related field or equivalent job experience.
• At least 7+ years of hands-on experience in Linux ideally within the cloud services industry
• At least 3+ years of hands-on experience securing Kubernetes clusters in a production environment
• Experience building automated control validation, compliance-as-code, or continuous monitoring systems.
• Strong understanding of security controls, threat models, and operational monitoring.
• Proven experience in a technical security or engineering role, with strong proficiency in scripting languages (e.g., Python)
• Familiarity with modern CI/CD practices and Infrastructure-as-Code tooling.
• Proven experience building, securing, and deploying containerized applications
• Strong experience with technical architectures involving data flows, access controls, retention, and third-party integrations.
• Strong hands-on experience with cloud infrastructure (AWS, GCP) and cloud security.
• Experience with CCM tools, SIEM pipelines, or GRC platforms (e.g., Conveyor, Drata, Vanta, OneTrust, custom tooling).

Nice To Haves

• Expertise in major compliance and security frameworks (SOC 2, ISO 27001, PCI DSS, HIPAA, FedRAMP, NIST, CSF).
• Background in building automation for distributed cloud environments at scale
• Experience with remote-access solutions like Teleport (real bonus points if you’ve submitted PRs on their product)
• Understanding of the SSO protocols, specifically OIDC and SAML
• Hands-on experience with PKI and mTLS

Responsibilities

• Design and build scalable automation, including evidence enrichment, API services, control monitoring, remediation workflows, anomaly detection, and threshold enforcement to streamline and industrialize GRC.
• Engineer continuous, event-driven compliance monitoring systems that replace manual, point-in-time processes.
• Establish the product assurance foundations needed to scale CCM toward agentic, autonomous GRC capabilities.
• Develop compliance-as-code and policy-as-code frameworks integrated into CI/CD pipelines and cloud-native infrastructure.
• Build automated assurance pipelines to continuously collect, enrich, and monitor controls from distributed systems and cloud services.
• Develop control integrations and data pipelines to normalize security telemetry across IAM, logs, scanners, and CCM/GRC tools.
• Deliver automated trend analysis, alerting, and reporting for compliance drift, control failures, and security-risk signals.
• Architect scalable monitoring, reporting, and control-validation solution aligned to enterprise security strategies and regulatory frameworks.
• Build and deliver solutions that demonstrate continuous control effectiveness and security risk posture across the environment.
• Build metrics engines, dashboards, and insights pipelines that provide real-time visibility into compliance health and emerging risks.

Benefits

• Medical, dental, and vision insurance - 100% paid for by CoreWeave
• Company-paid Life Insurance
• Voluntary supplemental life insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Health Savings Account
• Tuition Reimbursement
• Ability to Participate in Employee Stock Purchase Program (ESPP)
• Mental Wellness Benefits through Spring Health
• Family-Forming support provided by Carrot
• Paid Parental Leave
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our office and data center locations
• A casual work environment
• A work culture focused on innovative disruption