Principal Engineer, Security Products — Cryptography and Key Lifecycle Management

<div class="content-intro"><div> <div> <div class="gmail_quote"> <div> <div><span id="m_1770241969069985273m_-2746164444908759431gmail-docs-internal-guid-131e4fb0-7fff-b4e9-ff50-e8cf32449b1b">CoreWeave is The Essential Cloud for AI™. Built for pioneers by pioneers, CoreWeave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, CoreWeave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, CoreWeave became a publicly traded company (Nasdaq: CRWV) in March 2025. Learn more at&nbsp;<a href="http://www.coreweave.com/" target="_blank" data-saferedirecturl="https://www.google.com/url?q=http://www.coreweave.com&amp;amp;source=gmail&amp;amp;ust=1762613132717000&amp;amp;usg=AOvVaw3D-UOhNaqEvF5BEWxjYyAU&quot;&gt;www.coreweave.com&lt;/a&gt;.&lt;/span&gt;&lt;/div> </div> </div> </div> </div></div><p>The Security Products organization at CoreWeave builds the identity, encryption, and self-managed security integrations that protect AI workloads and data across our cloud platform. If you are passionate about building foundational security primitives that enable enterprises and the top AI labs in the world to deploy regulated and security‑sensitive workloads at extreme scale, this is the team to join!</p> <p><strong>About the role</strong></p> <p>CoreWeave is seeking a Staff or Principal Engineer for our Security Products team to lead the technical direction and implementation of encryption and key lifecycle management&nbsp; In this role, you’ll design and evolve the key lifecycle management, encryption control planes, algorithm/library selection, and systems integrations that allow CoreWeave customers to deploy sensitive, high security AI workloads and data. You’ll partner closely with teams across CoreWeave to develop customer-driven cryptography technology. Your day‑to‑day will blend hands‑on system design and coding with cross‑team technical leadership, design reviews, and roadmap shaping for Security Products.</p> <p>In this role, you will:</p> <ul> <li>Lead the design and evolution of encryption and key lifecycle management products.</li> <li>Manage encryption and cryptography technology development for services within our Cloud Platform, particularly those for high security and highly regulated customers.</li> <li>Design and build deep integrations between our Cloud Platform and external key sources (eg, HashiCorp Vault, AWS KMS, HSMs).</li> <li>Collaborate with other product engineering teams to support the safe use of multicloud key management technology.</li> <li>Partner with IAM to define unified authorization patterns and policy models for key management APIs with consistent semantics across the resource hierarchy.</li> <li>Establish SLIs / SLOs for Remote Key Encryption (RKE) and related services, including availability, latency, and durability guarantees for key retrieval and encryption operations.</li> <li>Partner with the Security Engineering team on threat modeling and corporate strategy to enable the most sensitive AI workloads in the world to be deployed on CoreWeave's infrastructure.</li> <li>Author and review detailed technical designs and RFCs for new RKE capabilities, mentor other engineers on the team, and provide technical leadership across Security Products and adjacent organizations.</li> </ul> <p><strong>Who You Are</strong></p> <ul> <li>8+ years of experience building and operating distributed backend systems in production, including ownership of reliability and security outcomes for critical services.</li> <li>Deep experience with encryption at rest and key management systems, including envelope encryption patterns, key hierarchies and secure key lifecycle management.</li> <li>Hands-on experience integrating with at least one major KMS or secrets manager (e.g., AWS KMS, HashiCorp Vault, Azure Key Vault, GCP KMS, HSMs), including designing APIs and workflows around those systems.</li> <li>Strong proficiency in a systems programming language such as Go (preferred) or Rust, with experience building networked services (gRPC / REST) in a Linux / Kubernetes environment.</li> <li>Solid understanding of applied cryptography concepts relevant to data‑at‑rest protection (AES‑GCM/CTR, key wrapping, KDFs, randomness requirements, envelope encryption, and key separation) with the ability to reason about threat models and failure modes with Security partners.</li> <li>Experience designing and operating multi‑tenant services with strong isolation and authorization semantics across customers and internal tenants.</li> <li>Demonstrated track record of leading cross‑team technical initiatives, driving projects from problem statement through rollout, alignment, and operational readiness.</li> <li>Strong operational experience defining SLIs / SLOs, building dashboards and alerts, and partnering with SRE / Production Engineering on incident response and post‑incident improvement.</li> <li>Excellent written and verbal communication skills with the ability to produce clear, opinionated design docs that influence Senior Engineers, PMs, and Security stakeholders through context setting and sound technical judgment</li> </ul> <p><strong>Preferred (if applicable)</strong></p> <ul> <li>Prior experience designing or implementing remote or externalized key management for cloud storage, databases, or filesystems (e.g., BYOK/BYOKMS, customer‑managed keys, envelope encryption for S3‑like object storage).</li> <li>Experience with hardware‑backed key management (HSMs) and cryptographic compliance regimes (FIPS 140‑2/3, PCI, HIPAA, FedRAMP Moderate+, or similar) and how they shape system design.</li> <li>Familiarity with IAM policy models (RBAC / ABAC, OpenFGA, OPA/Rego, etc.) and how to integrate fine‑grained authorization into security‑sensitive APIs.</li> <li>Experience extending encryption and key management across multiple storage domains (object storage, block/file storage, databases, control plane state like etcd) in a coherent way.</li> <li>Background working in security‑sensitive or regulated environments where auditability, segregation of duties, and key custody requirements are critical.</li> <li>Contributions to open source cryptography, security tooling, or KMS/client libraries.</li> <li>Previous US/NATO federal cryptographic security experience is ideal but not necessary.&nbsp;</li> </ul> <p><strong>Wondering if you’re a good fit?</strong></p> <p>We believe in investing in our people, and value candidates who can bring their own diversified experiences to our teams – even if you aren't a 100% skill or experience match. Here are a few qualities we’ve found compatible with our team. If some of this describes you, we’d love to talk.</p> <ul> <li>You care deeply about getting the cryptographic and operational details right, and you’re comfortable saying “no” to shortcuts that weaken security or key custody guarantees.</li> <li>You’re excited by the challenge of building foundational security primitives that other product teams and large enterprises will build on for years.</li> <li>You enjoy working at the intersection between Platform, Storage, IAM, and Security Engineering, and you can translate between those domains without losing the plot.</li> <li>You’re skilled at turning complex requirements for highly regulated customers into simple, reliable, well‑documented APIs and workflows.</li> <li>You’re comfortable operating in a fast‑moving environment, iterating quickly while still holding a high bar for design review, testing, and safe rollout of security‑sensitive changes.</li> </ul> <p>&nbsp;</p> <p><em data-stringify-type="italic">The base salary range for this role is $206,000 to $303,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).&nbsp;</em></p><div class="content-conclusion"><p><strong>What We Offer</strong></p> <p>The range we’ve posted represents the typical compensation range for this role. To determine actual compensation, we review the market rate for each candidate which can include a variety of factors. These include qualifications, experience, interview performance, and location.</p> <p>In addition to a competitive salary, we offer a variety of benefits to support your needs, including:</p> <ul> <li>Medical, dental, and vision insurance - 100% paid for by CoreWeave</li> <li>Company-paid Life Insurance&nbsp;</li> <li>Voluntary supplemental life insurance&nbsp;</li> <li>Short and long-term disability insurance&nbsp;</li> <li>Flexible Spending Account</li> <li>Health Savings Account</li> <li>Tuition Reimbursement&nbsp;</li> <li>Ability to Participate in Employee Stoc