Senior Security Manager, Vulnerability Management
Roseland, NJ / Brooklyn, NY / Sunnyvale, CA / Bellevue, WA
CoreWeave is the AI Hyperscaler™, delivering a cloud platform of cutting edge services powering the next wave of AI. The company’s technology provides enterprises and leading AI labs with the most performant, efficient and resilient solutions for accelerated computing. Since 2017, CoreWeave has operated a growing footprint of data centers covering every region of the US and across Europe. CoreWeave was ranked as one of the TIME100 most influential companies of 2024.
As the leader in the industry, we thrive in an environment where adaptability and resilience are key. Our culture offers career-defining opportunities for those who excel amid change and challenge. If you’re someone who thrives in a dynamic environment, enjoys solving complex problems, and is eager to make a significant impact, CoreWeave is the place for you. Join us, and be part of a team solving some of the most exciting challenges in the industry.
CoreWeave powers the creation and delivery of the intelligence that drives innovation. To learn more about our values, please visit our careers website.
CoreWeave is going through a very significant growth as we scale to support our customers and we need to build the next generation security tools to help us defend against vulnerabilities as they arise. We are seeking an experienced leader to join our team as the Senior Manager for our Vulnerability Management team. The Senior Manager, Vulnerability Management is responsible for running, evolving and operating CoreWeave’s vulnerability management program and personnel. This person is responsible for working with cross-functional teams as well as with peer engineering stakeholders to measure, maintain, and improve the security posture of CoreWeave.
What You'll Do
- Creating and overseeing the execution of vulnerability management policies and procedures (e.g. patching)
- Establishing and meeting Service Level Objectives for both enterprise security and product impacting vulnerabilities
- Creating and ensuring the adherence to procedures for notifying both the business and clients (where applicable) about risk and impacts from security vulnerabilities.
- Communicating and coordinating with other teams in order to triage and remediate vulnerabilities in first and third-party software and software dependencies
- Acting as a liaison between other teams (Hardware, Application Security, Offensive Security) in order to appropriately assign, follow, and close security tickets
Who You Are
- Experienced in establishing and managing a vulnerability management program at scale
- Skilled in leading a team of vulnerability engineers and analysts to identify, triage, and support vulnerability remediation
- Proficient in risk assessment, identifying high-impact vulnerabilities, and driving remediations across engineering and IT teams
- Knowledgeable in identifying and remediating CVEs within large infrastructure environments
- Extensive hands-on experience with Linux OS, including security tool management, server administration, and patching for Linux and Windows
- Experienced in managing security compliance tools like EDR, antivirus, and log analysis in complex environments
- Eager to learn and adopt new technologies as required
- Strong technical background, particularly with cybersecurity tools
- Proficiency with enterprise-level information security tools, systems administration, and troubleshooting for servers and workstations
- Knowledge of cloud-based infrastructures and network concepts/protocols
- Familiarity with Linux OS environments and cybersecurity certifications such as Security+, Network+
- Experience with container orchestration, like Kubernetes
- Competence in creating and presenting technical strategies and solution recommendations
- Skilled in designing and implementing technical solutions, integrating new technologies into existing portfolios
- Experience collaborating with cross-functional teams, especially engineering
- Preferred certifications include GREM, GPEN, GCED, CEH, GSEC, OSCP
The Senior Manager for the Vulnerability Management team works standard business hours and may be required to perform job duties outside of normal business hours as needed, aligned to job duties.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $220,000-$260,000. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.
What We Offer
The range we’ve posted represents the typical compensation range for this role. To determine actual compensation, we review the market rate for each candidate which can include a variety of factors. These include qualifications, experience, interview performance, and location.
In addition to a competitive salary, we offer a variety of benefits to support your needs, including:
- Medical, dental, and vision insurance - 100% paid for by CoreWeave
- Company-paid Life Insurance
- Voluntary supplemental life insurance
- Short and long-term disability insurance
- Flexible Spending Account
- Tuition Reimbursement
- Mental Wellness Benefits through Spring Health
- Family-Forming support provided by Carrot
- Paid Parental Leave
- Flexible, full-service childcare support with Kinside
- 401(k) with a generous employer match
- Flexible PTO
- Catered lunch each day in our office and data center locations
- A casual work environment
- A work culture focused on innovative disruption
Our Workplace
At CoreWeave, we are committed to operating as a hybrid workplace, offering employees flexibility in how they structure their time between in-office and remote work. We recognize the significance of fostering connections, collaboration, and creativity within our office culture and its positive impact on our business. Our philosophy operating as a hybrid workplace underscores our dedication to enabling employees to tailor work-life balance to their individual preferences.
For those who do not live within 30 miles of one of our offices, we are open to considering remote work for candidates whose skills and experience strongly align with the role. While we prioritize a hybrid work environment for most roles, we understand the importance of flexibility and are open to remote work for specific positions and specialized skill sets. Onboarding is essential to your success. New employees not based out of an office will be invited to attend onboarding training at one of our hubs within their first month of employment. We continue to foster a collaborative environment by bringing teams together quarterly.
California Consumer Privacy Act - California applicants only
CoreWeave is an equal opportunity employer, committed to fostering an inclusive and supportive workplace. All qualified applicants and candidates will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.
As part of this commitment and consistent with the Americans with Disabilities Act (ADA), CoreWeave will ensure that qualified applicants and candidates with disabilities are provided reasonable accommodations for the hiring process, unless such accommodation would cause an undue hardship. If reasonable accommodation is needed, please contact: careers@coreweave.com.
ApplyJob Profile
Hybrid workplace
Benefits/PerksCareer defining opportunities Catered lunch Collaborative environment Disability Insurance Dynamic environment Dynamic work environment Flexibility Flexible PTO Hybrid work Hybrid workplace Impactful challenges Life Insurance Mental wellness benefits Onboarding training Paid parental leave Significant impact Tuition reimbursement Vision Insurance
Tasks- Communicate security risks
- Coordinate vulnerability remediation
- Establish service level objectives
- Manage security compliance tools
- Oversee vulnerability management program
- Support
- Troubleshooting
AI Analysis Antivirus Cloud Infrastructure Collaboration Compliance Cybersecurity Data center EDR Engineering Excel Information security Kubernetes Linux Log Analysis Management Offensive Security Onboarding Orchestration Risk Assessment Security Security Compliance Security Tools Systems Administration Troubleshooting Vulnerability Management Windows
Experience5 years
EducationBusiness Engineering Technical
Certifications TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9