Senior Security Engineer, Enterprise Security

What Youll Do:

The Enterprise Security team at CoreWeave is responsible for securing how our people work every dayidentity endpoints networks and SaaSso the company can move fast without compromising safety. This team owns the controls guardrails and automation that keep our workforce contractors and critical business applications protected in a modern cloud-native environment.

If youre excited aboutzero trust phishing-resistant MFA and building secure-by-default experiences that actually make people more productive this is the team to join.

About the Role:

As a Senior Security Engineer Enterprise Security youll design and ship the security controls that underpin CoreWeaves workforce and enterprise stack. Youll lead initiatives across identity access management device and endpoint security and SaaS securitypartnering closely with IT Engineering Endpoint Network and other security teams.

Your day-to-day will blend hands-on engineering (writing code building integrations tuning controls) with architecture and program ownership (setting standards defining patterns and driving adoption across teams). Youll be responsible for turning high-level objectiveslike implement zero trust for workforce access or deploy phishing-resistant MFA at scaleinto concrete designs automation and measurable risk reduction.

In this role you will:

Engineer modern identity and access controls

• Design implement and operate workforce identity solutions (e.g. Okta/Entra and other IdPs) including SSO MFA conditional access and lifecycle automation via SCIM.
• Develop and roll out phishing-resistant MFA for high-value accounts and critical access paths (e.g. FIDO2/WebAuthn hardware keys device-bound authenticators).
• Define and maintain RBAC/IAM patterns for enterprise applications (role models groups entitlements JIT access and approvals).

Implement zero trust for workforce and enterprise access

• Design and deploy controls that combine user identity device posture network context and application sensitivity to enforce least-privilege access.
• Partner with Network and Infrastructure teams to integrate mTLS service identity and policy-based access into internal services and admin interfaces.
• Help transition from legacy perimeter models to zero trust network access (ZTNA) patterns for employees contractors and third parties.

Secure SaaS and collaboration platforms

• Evaluate onboard and harden SaaS applications (Google Workspace Microsoft 365 Slack HRIS ticketing and other business apps) to align with enterprise security policies.
• Implement and tune controls such as SCIM provisioning data access policies DLP sharing controls and audit logging across the SaaS estate.
• Partner with business and IT owners to ensure new SaaS applications meet baseline security standards before adoption.

Harden endpoints and the extended workforce

• Collaborate with Endpoint/IT teams to define and enforce baseline configurations for laptops workstations and other managed devices via MDM and EDR.
• Design secure patterns for contractor and vendor access including device requirements identity separation and time-bound access.
• Support investigations and incident response related to identity endpoint and SaaS domains.

Automate and instrument everything you can

• Build automation and self-service experiences for access requests approvals access reviews and break-glass workflows.
• Develop integrations between IdPs HRIS ticketing and other systems to minimize manual toil and reduce identity-related error rates.
• Define and instrument metrics for enterprise security (e.g. MFA coverage zero trust policy enforcement joiner/mover/leaver SLA adherence SaaS posture).

Partner on detection response and governance

• Work with Security Operations and SIEM teams to ensure robust visibility into identity device and SaaS activity and to build high-signal detections.
• Contribute to policies standards and reference architectures that encode enterprise security expectations.
• Author clear documentation and runbooks that make it easy for teams to consume and operate the controls you build.

Who You Are:

Minimum Qualifications

• 5 years of experience in enterprise security identity and access management or closely related security engineering roles.
• Strong practical understanding of modern IAM concepts: SSO federation RBAC/ABAC JIT access least privilege and separation of duties.
• Hands-on experience implementing and operating SSO and workforce identity with platforms such as Okta Entra ID or equivalent IdPs.
• Deep familiarity with SAML OAuth 2.0/OIDC and SCIM including real-world experience integrating these protocols with third-party SaaS and internal apps.
• Demonstrated experience designing and rolling out MFA ideally including phishing-resistant approaches (FIDO2/WebAuthn hardware security keys device-bound authenticators step-up authentication).
• Experience designing and deploying zero trust or context-aware access controls (e.g. device trust network segmentation mTLS ZTNA) in hybrid or remote-friendly environments.
• Proficiency in at least one modern scripting or programming language (e.g. Python Go) used to build automations integrations or internal tooling.
• Experience securing and integrating business-critical SaaS (e.g. Google Workspace Microsoft 365 Slack Atlassian HRIS ticketing) including SCIM provisioning access reviews and audit log ingestion.
• Familiarity with MDM and endpoint security tooling (e.g. Jamf Intune EDR platforms) and how they tie into identity and access decisions.
• Exposure to SIEM/detection ecosystems (e.g. Elastic) and experience collaborating with detection & response teams on identity/endpoint/SaaS detections.
• A track record of owning cross-functional projects from design through adoption with an emphasis on measurable risk reduction and user experience.

Preferred

• Experience working in high-growth or hyperscale environments where security must keep pace with rapid headcount and tooling expansion.
• Hands-on experience with zero trust network access or secure access products (e.g. ZTNA secure web gateways or identity-aware proxies).
• Familiarity with enterprise security standards and frameworks (e.g. SOC 2 ISO 27001 NIST 800-53) and mapping enterprise controls to these requirements.
• Experience with SaaS security posture management (SSPM) CASB DLP or insider risk tooling focused on collaboration platforms and data access.
• Experience building or contributing to internal security tooling (e.g. access review automation JML workflows policy-as-code).
• Participation in security communities standards groups or open-source contributions in IAM zero trust or enterprise security.

Wondering if youre a good fit

We believe in investing in our people and value candidates who can bring their own diversified experiences to our teams even if you arent a 100% skill or experience match. Here are a few qualities weve found compatible with our team. If some of this describes you wed love to talk.

• You love to build secure-by-default experiences that remove friction instead of adding gates and you think deeply about usability when you design controls.
• Youre curious about how identity devices networks and SaaS all intersect in real-world zero trust architecturesand you like drawing the owl where clear patterns dont yet exist.
• Youre an expert in turning vague risk concerns into concrete requirements automation and metrics and you enjoy collaborating across Security IT and business teams to get it done.

The base salary range for this role is $165000 to $242000.. The starting salary will be determined based on job-related knowledge skills experience and market location. We strive for both market alignment and internal equity when determining addition to base salary our total rewards package includes a discretionary bonus equity awards and a comprehensive benefits program (all based on eligibility).