Vulnerability Remediation Lead

Roseland, New Jersey, United States

Applications have closed

CoreWeave

CoreWeave is a specialized cloud provider, delivering a massive scale of GPU-accelerated compute resources on demand, on top of the industry’s fastest and most flexible infrastructure.

CoreWeave is a specialized cloud provider, delivering a massive scale of GPU compute resources on top of the industry’s fastest and most flexible infrastructure. CoreWeave builds cloud solutions for compute intensive use cases — VFX and rendering, machine learning and AI, batch processing, and Pixel Streaming — that are up to 35 times faster and 80% less expensive than the large, generalized public clouds. Learn more at www.coreweave.com.


CoreWeave Cyber Security is looking for an experienced and talented vulnerability lead to join their team. As part of the Cyber Security Organization at CoreWeave, you will be responsible for all facets of the SOC2 and ISO 27001 compliance assessment programs pertaining to vulnerability assessments and remediation controls. The vulnerability assessments are required to provide assurance to business & network partners that the technologies in scope for CoreWeave’s environment have been properly secured in accordance with current internal programs’ security standards. The Vulnerability Remediation Lead is responsible for coordinating and conducting cybersecurity assessments, identifying any gaps and potential threats, and working with the engineering and technology teams to carry out remediation plans. This person must be a strong communicator and comfortable collaborating with all levels of management as well as the business, infrastructure, engineering, architecture, operations, and application teams. The ideal candidate will have good customer focus, a positive attitude, and excellent interpersonal, verbal and written communication skills with a strong attention to detail.

Responsibilities include:

  • Manage the vulnerability assessment life-cycle from beginning to end. Assessment activities include pre-assessment meetings, artifact/evidence collection, assessment workflow management, cybersecurity assessment report generation and documenting risk associated with compliance issues
  • Organize network-based scans to identify possible network security vulnerabilities and host-based scans to identify vulnerabilities in workstations, servers and other network hosts
  • Record non-compliance as gaps and assist impacted technology teams to remediate them
  • Ensure new, in-scope applications are deployed in a compliant manner
  • Execute the technical cybersecurity vulnerability assessments of CoreWeave applications and/or technologies
  • Develop automated reporting dashboards within security scanning tool(s) to report on vulnerability counts, trends, etc.
  • Lead the periodic Patch Review meeting, per OS type, outlining the applicable in-scope patches and scheduling the patching/remediation plans to be conducted
  • Facilitate assessment meetings between external assessors, Business and Technology teams (Application Development, Infrastructure, Cybersecurity, etc.)
  • Provide security compliance consulting services as needed
  • Maintain accurate information and support departmental reporting needs
  • Review and define requirements for additional information security solutions
  • Ability to provide solutions to complex issues; handle multiple tasks in a fast-paced environment; set priorities; meet deadlines per project scope
  • Demonstrated ability to present complex, technical information to both technical and non-technical audiences
  • Strong time management, good technical writing, presentation, and documentation skills
  • Ability to work with minimal supervision, attention to detail, and follow-through
  • Perform other work-related duties as assigned

Requirements

  • Educational Qualification: Bachelor's in Information Security, Computer Science, or related degree; CISSP or CISA Certification or equivalent
  • Minimum of 5 years work experience in vulnerability analysis, remediation or IT program management
  • Experience on or leading a vulnerability assessment and remediation team
  • In-depth knowledge of the industry's standards and regulations, specifically SOC 2, ISO 27001:2022, GDPR and HIPAA
  • Has any of the following certifications: Certified Intrusion analyst (GCIAs), GIAC Reverse Engineering Malware (GREM), GIAC Penetration Testing Certification (GPEN), GIAC Certified Enterprise Defender (GCED), Certified Geographic Information Systems Professional (GISP), GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), Cisco Certified Network Associate (CCNA), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), GIAC Security Essentials Certification (GSEC), Offensive Security Certified Professional (OSCP), and/or Security Cisco Certified Networking Professional – Security (CCNP-Security)
  • Understanding of concepts related to information security domains such as Cloud Computing, Physical security, 3rd Party Risk Management, Identity and Access Management, Data Security, Vulnerability and Patch Management, Malware Defenses, CIS Top 18 Controls
  • Integrating new technologies into existing technology portfolio
  • Collaborating with cross-functional teams, including engineering
  • Excellent knowledge of reporting procedures and record keeping
  • Ability to succeed in a team environment or work as an individual contributor

Nice-to-haves:

  • Familiarity with Linux, Windows and MacOS operating systems
  • Methodical and diligent with outstanding planning abilities
  • Able to meet deadlines and handle multiple priorities
  • Strong ability to negotiate with business partners to attain successful outcomes
  • Excellent communication skills
  • Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget and on time
  • Self-starter and requires minimal direction from leadership
  • Ability to present and effectively communicate with all levels of the organization
  • Flexible with the ability to multitask, effectively prioritize and work under pressure
  • Advocate of continuous improvement and industry recognized best practices

The Vulnerability Remediation Lead works standard business hours, with on-call responsibilities. CoreWeave is a fast-growth startup, and the selected candidate should be willing to be flexible about when they are needed. There will be times when the Vulnerability Remediation Lead needs to be available outside of regular business hours to support critical issues or meetings.

Benefits

At CoreWeave we work hard, have fun and move fast! The company has entered a hyper-growth stage that you will not want to miss out on! Today we are a small, growing team of intelligent, genuine people who value different perspectives and approaches to solving complex problems. We live five core values:


  • Be Curious at Your Core
  • Act Like an Owner
  • Empower Employees
  • Deliver Best-in-Class Client Experiences
  • Achieve More Together


At CoreWeave we support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that champions collaboration and prioritizes innovative solutions to complex problems. As we get set to take off, the growth opportunities within the organization are limitless. You will be surrounded by some of the best talent in the industry. Come join us!

We offer a competitive salary and benefits, including:

  • Medical, dental, and vision insurance - 100% paid for the employee
  • Life Insurance
  • Short and long-term disability insurance
  • Flexible Spending Account
  • Flexible, full-service childcare support with Kinside
  • 401(k) with a generous employer match
  • Flexible PTO
  • Catered lunch each day in our NJ office
  • Weekly massages in NJ office
  • A casual work environment
  • Work culture focused on innovative disruption


CoreWeave is an equal opportunity employer, committed to our diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.

Tags: CCNP CEH CISA CISSP Cloud Compliance Computer Science GCED GCIH GDPR GIAC GPEN GREM GSEC HIPAA IAM ISO 27001 Linux Machine Learning MacOS Malware Network security Offensive security OSCP Pentesting Reverse engineering Risk management SOC SOC 2 Vulnerabilities Windows

Perks/benefits: 401(k) matching Career development Competitive pay Flex hours Flexible spending account Flex vacation Health care Insurance Startup environment

Region: North America
Country: United States
Category: Leadership Jobs