Security Assurance Engineering Senior Security Production Engineer

Compliance Automation - Senior Security Production Engineer

What Youll Do

As a Senior Security Production Engineer focused on Assurance Systems at CoreWeave you will design build and operate the production infrastructure that continuously validates the effectiveness of our security controls at scale. This role treats security assurance as first class engineering infrastructure not a point in time compliance exercise.

This is a cutting edge software and production engineering role that applies modern reliability automation and systems design practices to security assurance. The work sits at the intersection of engineering systems and regulatory requirements translating control intent into scalable reliable production grade infrastructure.

You will own the reliability scalability performance and correctness of automated assurance systems that provide continuous visibility into control health security posture and risk signals across our cloud platforms and Kubernetes environments. Your work will power CoreWeaves ability to meet regulatory requirements without slowing the business or relying on manual evidence collection.

You will partner closely with GRC platform engineering and security domain teams to translate control intent into durable technical signals while retaining full engineering ownership of how those systems are designed built and operated.

In this role you will:

• Design and build scalable automation including evidence enrichment API services control monitoring remediation workflows anomaly detection and threshold enforcement to streamline and industrialize GRC.
• Engineer continuous event-driven compliance monitoring systems that replace manual point-in-time processes.
• Establish the product assurance foundations needed to scale CCM toward agentic autonomous GRC capabilities.
• Develop compliance-as-code and policy-as-code frameworks integrated into CI/CD pipelines and cloud-native infrastructure.
• Build automated assurance pipelines to continuously collect enrich and monitor controls from distributed systems and cloud services.
• Develop control integrations and data pipelines to normalize security telemetry across IAM logs scanners and CCM/GRC tools.
• Deliver automated trend analysis alerting and reporting for compliance drift control failures and security-risk signals.
• Architect scalable monitoring reporting and control-validation solution aligned to enterprise security strategies and regulatory frameworks.
• Build and deliver solutions that demonstrate continuous control effectiveness and security risk posture across the environment.
• Build metrics engines dashboards and insights pipelines that provide real-time visibility into compliance health and emerging risks.

On this team you will:

• Youll tackle security & compliance puzzles at cutting-edge scale and complexity
• Youll collaborate with brilliant engineers who are redefining compliance adherence for cloud infrastructure.
• Youll have the freedom and responsibility to innovate experiment and influence how we establish assurance pipelines.

Investing in our people is one of our top priorities and we value candidates who can bring their diversified experiences to our teams. Here are some qualities weve found compatible with our team. Wed love to talk about whether this aligns with your experience and interests and what youre excited to work on next.

Who You Are

Minimum Qualifications

• A Bachelors degree in Information Security Computer Science or a related field or equivalent job experience.
• At least 7 years of hands-on experience in Linux ideally within the cloud services industry
• At least 3 years of hands-on experience securing Kubernetes clusters in a production environment
• Experience building automated control validation compliance-as-code or continuous monitoring systems.
• Strong understanding of security controls threat models and operational monitoring.
• Proven experience in a technical security or engineering role with strong proficiency in scripting languages (e.g. Python)
• Familiarity with modern CI/CD practices and Infrastructure-as-Code tooling.
• Proven experience building securing and deploying containerized applications
• Strong experience with technical architectures involving data flows access controls retention and third-party integrations.
• Strong hands-on experience with cloud infrastructure (AWS GCP) and cloud security.
• Experience with CCM tools SIEM pipelines or GRC platforms (e.g. Conveyor Drata Vanta OneTrust custom tooling).

Preferred Qualifications

• Expertise in major compliance and security frameworks (SOC 2 ISO 27001 PCI DSS HIPAA FedRAMP NIST CSF).
• Background in building automation for distributed cloud environments at scale
• Experience with remote-access solutions like Teleport (real bonus points if youve submitted PRs on their product)
• Understanding of the SSO protocols specifically OIDC and SAML
• Hands-on experience with PKI and mTLS

If youre eager to elevate compliance into a creative strategic force within a fast-paced forward-thinking company wed love to hear from you!

The base salary range for this role is $165000 to $242000. The starting salary will be determined based on job-related knowledge skills experience and market location. We strive for both market alignment and internal equity when determining addition to base salary our total rewards package includes a discretionary bonus equity awards and a comprehensive benefits program (all based on eligibility).