Offensive Security Lead

CoreWeave is a specialized cloud provider delivering a massive scale of GPUs on top of the industry’s fastest and most flexible infrastructure. We are currently seeking an Offensive Security Lead to join the cyber security team. The cyber security team is tasked with keeping our business safe, secure and available for our customers. The Cyber Security team at CoreWeave is a rapidly growing team that has a broad mandate, allowing people with different skill sets to contribute while providing plenty of room to grow and learn. We are looking for an experienced offensive security lead to develop our internal capabilities, harden our security posture and prepare the Company for the future, today.

Job Responsibilities:

• Establish and maintain the development, execution, and automation of CoreWeave’s cyber threat hunting operations
• Define and implement an adversary emulation/red team function within CoreWeave Cyber Security to drive the creation and effectiveness of the cyber threat hunting program.
• Responsible to research and evaluate internal and external new security threats, malware, vulnerabilities, etc. and recommend appropriate changes to products to prevent company and customer data assets from being compromised
• Conduct independent research into threat actor tactics, techniques, procedures, and tradecraft to develop emulation tools and playbooks
• Plan, document, and execute adversary emulation operations to assess implemented preventative and detective security controls as well as response procedures.
• Work collaboratively with the Cyber Security Operations Center (CSOC) and Network Operations Center (NOC) to provide requirements and improve organizational detection and response capabilities.
• Responsible for conducting internal penetration tests on computer systems, networks and applications including mobile, UI based testing, API testing etc.
• Responsible for organizing and overseeing 3rd party executed penetration tests on computer systems, networks and applications including mobile, UI based testing, API testing etc.
• Build and maintain below security testing
  • Network
  • Static application security testing (SAST)
  • Dynamic application security testing (DAST)
  • Container
  • Cloud security infrastructure (linux) + networking
  • Kubernetes
  • Source code review in: Go, Javascript, Shell, etc.
  • Dependency checking
  • Cryptography
  • Physical and social engineering
• Responsible for below vulnerability management workflows
  • SDLC driven release security testing
  • Vulnerability testing
  • Vulnerability scoring using CVSS
  • Corrective actions verification
  • Vulnerability ticket management
  • Vulnerability metrics and reporting of vulnerability metrics and reporting

Requirements

• Minimum of 5+ years Offensive Security experience working in a technical role (penetration testing, manual application/web assessments, threat hunting, etc.)
• Minimum of 2+ years Red Team (threat actor simulation) experience working in a technical role
• 2 years in Threat intelligence activities and understanding threat actors, and understanding Threat Actor simulations
• Comprehensive understanding of cyber based adversarial frameworks including MITRE ATT&CK and Lockheed Martin’s Cyber Kill Chain. Strong understanding of end-to-end attacks and multi-faceted exploits.
• Considerable experience in both web, network and infrastructure based penetration testing
• Past experience conducting threat modeling, including STRIDE methodology
• Considerable experience with Kali Linux tool set (i.e. Metasploit Framework), Nmap/NSE, BurpSuite and/or equivalent tool (i.e. Zap Proxy)
• Experience and knowledge using vulnerability scanning tools (tenable.IO, Qualys, Rapid7, Crowdstrike, etc.)
• Able to review and test source code in .Net, Java, SQL, Python, and scripted languages
• Relevant information security certifications (e.g. (ISC)2, ISACA, GSEC, GPEN, GXPN, GWART, CEH, OSCP)
• Possesses an expert level of knowledge of information security processes, procedures and controls.
• Understanding of industry standards and frameworks e.g. NIST Cyber Security Framework (CSF), ISO 27002, GDPR, HIPAA, SOC2.
• Demonstrable knowledge of cloud environments, network protocols, network devices, multiple operating systems (Windows, macOS, Linux, etc.), and secure architectures.
• Familiarity with working with kubernetes
• Strong familiarity with cyber incident response and digital forensics
• Strong verbal & written communication skills
• Strong analytical, problem solving and influential skills
• Strong collaboration & team skills; with a focus on cross-group collaboration
• Self-starter, and able to deliver through ambiguity that comes with working at a fast-paced start-up

Benefits

Why CoreWeave?

At CoreWeave we work hard, have fun, and move fast! The company has entered a stage of hyper-growth that you will not want to miss out on. Today, we are a small, growing team of intelligent, genuine people that value different perspectives and approaches to solving complex problems. We live five core values:

• Be Curious at Your Core
• Act Like an Owner
• Empower Employees
• Deliver Best-in-Class Client Experiences
• Achieve More Together

At CoreWeave we support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that champions collaboration and prioritizes innovative solutions to complex problems. As we get set to take off, the growth opportunities within the organization are limitless. You will be surrounded by some of the best talent in the industry. Come join us!

Benefits

We offer a competitive salary and benefits, including:

• Medical, dental and vision insurance - 100% paid for the employee
• Life Insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our offices
• Weekly massages in NJ office
• A casual work environment
• Work culture focused on innovative disruption

COVID-19 vaccine requirements for in-person work:

To protect the health and safety of our employees, we require any employee conducting in-person work to be fully vaccinated against COVID-19 by their start date. If you are unable to be vaccinated due to medical or protected religious reasons, please reach out to our HR team at recruiting@coreweave.com to submit an accommodations request.

CoreWeave is an equal opportunity employer, committed to our diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.