Senior Security Engineer, Enterprise Security

<div class="content-intro"><div> <div> <div class="gmail_quote"> <div> <div><span id="m_1770241969069985273m_-2746164444908759431gmail-docs-internal-guid-131e4fb0-7fff-b4e9-ff50-e8cf32449b1b">CoreWeave is The Essential Cloud for AI™. Built for pioneers by pioneers, CoreWeave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, CoreWeave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, CoreWeave became a publicly traded company (Nasdaq: CRWV) in March 2025. Learn more at&nbsp;<a href="http://www.coreweave.com/" target="_blank" data-saferedirecturl="https://www.google.com/url?q=http://www.coreweave.com&amp;amp;source=gmail&amp;amp;ust=1762613132717000&amp;amp;usg=AOvVaw3D-UOhNaqEvF5BEWxjYyAU&quot;&gt;www.coreweave.com&lt;/a&gt;.&lt;/span&gt;&lt;/div> </div> </div> </div> </div></div><h3>What You’ll Do:</h3> <p>The <strong>Enterprise Security</strong> team at CoreWeave is responsible for securing how our people work every day—identity, endpoints, networks, and SaaS—so the company can move fast without compromising safety. This team owns the controls, guardrails, and automation that keep our workforce, contractors, and critical business applications protected in a modern, cloud-native environment.</p> <p>If you’re excited about&nbsp;<strong>zero trust</strong>, <strong>phishing-resistant MFA</strong>, and building secure-by-default experiences that actually make people more productive, this is the team to join.</p> <h3>About the Role:</h3> <p>As a <strong>Senior Security Engineer, Enterprise Security</strong>, you’ll design and ship the security controls that underpin CoreWeave’s workforce and enterprise stack. You’ll lead initiatives across identity, access management, device and endpoint security, and SaaS security—partnering closely with IT Engineering, Endpoint, Network, and other security teams.</p> <p>Your day-to-day will blend <strong>hands-on engineering</strong> (writing code, building integrations, tuning controls) with <strong>architecture and program ownership</strong> (setting standards, defining patterns, and driving adoption across teams). You’ll be responsible for turning high-level objectives—like “implement zero trust for workforce access” or “deploy phishing-resistant MFA at scale”—into concrete designs, automation, and measurable risk reduction.</p> <p>In this role, you will:</p> <p><strong>Engineer modern identity and access controls</strong></p> <ul> <li>Design, implement, and operate workforce identity solutions (e.g., Okta/Entra and other IdPs) including SSO, MFA, conditional access, and lifecycle automation via SCIM.</li> <li>Develop and roll out <strong>phishing-resistant MFA</strong> for high-value accounts and critical access paths (e.g., FIDO2/WebAuthn, hardware keys, device-bound authenticators).</li> <li>Define and maintain RBAC/IAM patterns for enterprise applications (role models, groups, entitlements, JIT access, and approvals).</li> </ul> <p><strong>Implement zero trust for workforce and enterprise access</strong></p> <ul> <li>Design and deploy controls that combine <strong>user identity, device posture, network context, and application sensitivity</strong> to enforce least-privilege access.</li> <li>Partner with Network and Infrastructure teams to integrate mTLS, service identity, and policy-based access into internal services and admin interfaces.</li> <li>Help transition from legacy perimeter models to <strong>zero trust network access (ZTNA)</strong> patterns for employees, contractors, and third parties.</li> </ul> <p><strong>Secure SaaS and collaboration platforms</strong></p> <ul> <li>Evaluate, onboard, and harden SaaS applications (Google Workspace, Microsoft 365, Slack, HRIS, ticketing, and other business apps) to align with enterprise security policies.</li> <li>Implement and tune controls such as SCIM provisioning, data access policies, DLP, sharing controls, and audit logging across the SaaS estate.</li> <li>Partner with business and IT owners to ensure new SaaS applications meet baseline security standards before adoption.</li> </ul> <p><strong>Harden endpoints and the extended workforce</strong></p> <ul> <li>Collaborate with Endpoint/IT teams to define and enforce baseline configurations for laptops, workstations, and other managed devices via MDM and EDR.</li> <li>Design secure patterns for contractor and vendor access, including device requirements, identity separation, and time-bound access.</li> <li>Support investigations and incident response related to identity, endpoint, and SaaS domains.</li> </ul> <p><strong>Automate and instrument everything you can</strong></p> <ul> <li>Build automation and self-service experiences for access requests, approvals, access reviews, and break-glass workflows.</li> <li>Develop integrations between IdPs, HRIS, ticketing, and other systems to minimize manual toil and reduce identity-related error rates.</li> <li>Define and instrument metrics for enterprise security (e.g., MFA coverage, zero trust policy enforcement, joiner/mover/leaver SLA adherence, SaaS posture).</li> </ul> <p><strong>Partner on detection, response, and governance</strong></p> <ul> <li>Work with Security Operations and SIEM teams to ensure robust visibility into identity, device, and SaaS activity, and to build high-signal detections.</li> <li>Contribute to policies, standards, and reference architectures that encode enterprise security expectations.</li> <li>Author clear documentation and runbooks that make it easy for teams to consume and operate the controls you build.</li> </ul> <h3>Who You Are:</h3> <h3>Minimum Qualifications</h3> <ul> <li><strong>5+ years</strong> of experience in <strong>enterprise security</strong>, <strong>identity and access management</strong>, or closely related security engineering roles.</li> <li>Strong, practical understanding of modern <strong>IAM concepts</strong>: SSO, federation, RBAC/ABAC, JIT access, least privilege, and separation of duties.</li> <li>Hands-on experience implementing and operating <strong>SSO and workforce identity</strong> with platforms such as <strong>Okta, Entra ID</strong>, or equivalent IdPs.</li> <li>Deep familiarity with <strong>SAML</strong>, <strong>OAuth 2.0/OIDC</strong>, and <strong>SCIM</strong>, including real-world experience integrating these protocols with third-party SaaS and internal apps.</li> <li>Demonstrated experience designing and rolling out <strong>MFA</strong>, ideally including <strong>phishing-resistant</strong> approaches (FIDO2/WebAuthn, hardware security keys, device-bound authenticators, step-up authentication).</li> <li>Experience designing and deploying <strong>zero trust</strong> or context-aware access controls (e.g., device trust, network segmentation, mTLS, ZTNA) in hybrid or remote-friendly environments.</li> <li>Proficiency in at least one modern scripting or programming language (e.g., <strong>Python</strong>, <strong>Go</strong>) used to build automations, integrations, or internal tooling.</li> <li>Experience securing and integrating <strong>business-critical SaaS</strong> (e.g., Google Workspace, Microsoft 365, Slack, Atlassian, HRIS, ticketing) including SCIM provisioning, access reviews, and audit log ingestion.</li> <li>Familiarity with <strong>MDM</strong> and <strong>endpoint security</strong> tooling (e.g., Jamf, Intune, EDR platforms) and how they tie into identity and access decisions.</li> <li>Exposure to <strong>SIEM/detection</strong> ecosystems (e.g., Elastic) and experience collaborating with detection &amp; response teams on identity/endpoint/SaaS detections.</li> <li>A track record of owning cross-functional projects from design through adoption, with an emphasis on measurable risk reduction and user experience.</li> </ul> <h3>Preferred</h3> <ul> <li>Experience working in <strong>high-growth</strong> or <strong>hyperscale</strong> environments where security must keep pace with rapid headcount and tooling expansion.</li> <li>Hands-on experience with <strong>zero trust network access</strong> or secure access products (e.g., ZTNA, secure web gateways, or identity-aware proxies).</li> <li>Familiarity with <strong>enterprise security standards and frameworks</strong> (e.g., SOC 2, ISO 27001, NIST 800-53) and mapping enterprise controls to these requirements.</li> <li>Experience with <strong>SaaS security posture management (SSPM)</strong>, <strong>CASB</strong>, <strong>DLP</strong>, or <strong>insider risk</strong> tooling focused on colla