Senior Security Engineer, Threat Intelligence

What Youll Do:

As a Senior Threat Intelligence Engineer you will research engineer analyze and actively collect cyber threat intelligence to protect CoreWeaves global cloud infrastructure AI platform and internal systems. You will operate at the boundary between threat intelligence threat hunting and adversary tradecraft with a mandate to go beyond passive analysis and materially shape how CoreWeave detects understands and disrupts real-world attackers.

This role is designed for practitioners who not only study adversaries but actively probe instrument and test their behaviorsbuilding intelligence through direct observation telemetry-driven hunting and controlled exposure (e.g. honeypots canary systems sinkholes or deception techniques).

You will bring deep expertise in adversary behavior exploitation techniques and attack campaigns and translate that knowledge into intelligence-driven detections proactive threat hunts and durable defensive improvements. You will have significant autonomy to pursue high-impact research develop novel intelligence collection approaches and ensure intelligence is operationalized across detection engineering incident response and cloud security.

About the role:

• Research track and actively investigate cyber threat actors campaigns tooling infrastructure and TTPs relevant to CoreWeaves threat landscape.
• Design and operate advanced intelligence collection mechanisms including controlled exposure systems (e.g. honeypots canaries decoys or instrumentation) to observe adversary behavior in the wild.
• Identify evaluate and manage intelligence sources across OSINT commercial feeds community sharing and internally generated telemetry with a focus on signal quality and adversary relevance.
• Translate threat intelligence into durable detection logic analytics and intelligence-driven threat hunting hypotheses across endpoint network identity and cloud telemetry.
• Lead and execute proactive threat hunts informed by intelligence gaps emerging adversary tradecraft and novel attack patterns.
• Analyze security incidents suspicious activity and hunt results to uncover campaign-level patterns attacker objectives and systemic defensive weaknesses.
• Develop original intelligence products including adversary profiles campaign analyses intrusion narratives and forward-looking threat assessments.
• Automate enrichment correlation and analysis workflows to embed threat intelligence directly into detection response and engineering pipelines.
• Partner closely with detection engineering incident response cloud security and platform teams to close the loop between intelligence hunting and prevention.
• Establish and own technical standards architectural patterns and best practices for intelligence-led detection hunting and adversary analysis.
• Contribute to the evolution of CoreWeaves threat intelligence strategy by identifying opportunities to push beyond traditional CTI models.

Who You Are:

• 810 years of experience in cyber threat intelligence threat hunting detection engineering security research or adjacent disciplines.
• Deep understanding of adversary behavior and tradecraft including exploitation techniques lateral movement persistence mechanisms and infrastructure usage.
• Demonstrated experience moving from intelligence hypothesis hunt detection feedback.
• Hands-on experience developing detections or hunts using SIEM EDR cloud security identity or network telemetry.
• Strong analytical skills with the ability to synthesize complex technical findings into clear actionable intelligence.
• Proven ability to work independently exercise strong judgment and operate effectively in ambiguous rapidly evolving threat environments.
• Excellent written and verbal communication skills including the ability to brief senior technical and security leadership.

Preferred:

• Experience building or operating honeypots canary systems sinkholes deception platforms or custom telemetry pipelines.
• Background in threat hunting red teaming malware analysis exploit development or security research.
• Experience securing cloud-native large-scale or hyperscale infrastructure.
• Proficiency with scripting and data analysis (Python SQL APIs).
• Familiarity with MITRE ATT&CK intrusion lifecycle modeling and intelligence frameworks.
• Experience integrating threat intelligence platforms (TIPs) or building custom intelligence enrichment and correlation pipelines

We support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that encourages collaboration and provides the opportunity to develop innovative solutions to complex problems. As we get set for takeoff the growth opportunities within the organization are constantly expanding. You will be surrounded by some of the best talent in the industry who will want to learn from you too. Come join us!

The base salary range for this role is $165000 to $242000. The starting salary will be determined by job-related knowledge skills experience and the market location. We strive for both market alignment and internal equity when determining addition to base salary our total rewards package includes a discretionary bonus equity awards and a comprehensive benefits program (all based on eligibility).

What We Offer

The range weve posted represents the typical compensation range for this role. To determine actual compensation we review the market rate for each candidate which can include a variety of factors. These include qualifications experience interview performance and location.

In addition to a competitive salary we offer a variety of benefits to support your needs including:

• Medical dental and vision insurance - 100% paid for by CoreWeave
• Company-paid Life Insurance
• Voluntary supplemental life insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Health Savings Account
• Tuition Reimbursement
• Ability to Participate in Employee Stock Purchase Program (ESPP)
• Mental Wellness Benefits through Spring Health
• Family-Forming support provided by Carrot
• Paid Parental Leave
• Flexible full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our office and data center locations
• A casual work environment
• A work culture focused on innovative disruption

Our Workplace

While we prioritize a hybrid work environment remote work may be considered for candidates located more than 30 miles from an office based on role requirements for specialized skill sets. New hires will be invited to attend onboarding at one of our hubs within their first month. Teams also gather quarterly to support collaboration.

California Consumer Privacy Act - California applicants only

CoreWeave is an equal opportunity employer committed to fostering an inclusive and supportive workplace. All qualified applicants and candidates will receive consideration for employment without regard to race color religion sex disability age sexual orientation gender identity national origin veteran status or genetic information.

As part of this commitment and consistent with the Americans with Disabilities Act (ADA) CoreWeave will ensure that qualified applicants and candidates with disabilities are provided reasonable accommodations for the hiring process unless such accommodation would cause an undue hardship. If reasonable accommodation is needed please contact: .

Export Control Compliance

This position requires access to export controlled information. To conform to U.S. Government export regulations applicable to that information applicant must either be (A) a U.S. person defined as a (i) U.S. citizen or national (ii) U.S. lawful permanent resident (green card holder) (iii) refugee under 8 U.S.C. 1157 or (iv) asylee under 8 U.S.C. 1158 (B) eligible to access the export controlled information without a required export authorization or (C) eligible and reasonably likely to obtain the required export authorization from the applicable U.S. government agency. CoreWeave may for legitimate business reasons decline to pursue any export licensing process.