Staff Security Engineer, Pki & Secrets

CoreWeave

Livingston, NJ, US
Base: $188,000 to $275,000; bonus/equity: discreti...
Hybrid (on-site with remote work considered for specialized skill sets)
Pki hierarchy design and certificate lifecycle management
Hashicorp vault or similar secrets management experience
Hardware security modules (hsm) and pkcs#11 integration
CoreWeave is seeking a Staff Security Engineer to join their PKI & Secrets team, responsible for managing cryptographic infrastructure to ensure data security across their cloud platform. The ideal candidate will have extensive experience in security engineering, particularly with PKI, secrets management, and applied cryptography, along with proficiency in programming languages like Go or Python

Job Summary

  • CoreWeave is a publicly traded company delivering essential cloud infrastructure specifically built for scaling AI workloads.
  • The role involves shaping cryptographic infrastructure across global fleets, including managing CA hierarchies and secrets platforms.
  • The company offers comprehensive benefits including fully paid medical insurance, flexible PTO, and generous 401(k) matching.

Matching Summary

Match Score: 85

CoreWeave is seeking a Staff Security Engineer to join their PKI & Secrets team, responsible for managing cryptographic infrastructure to ensure data security across their cloud platform. The ideal candidate will have extensive experience in security engineering, particularly with PKI, secrets management, and applied cryptography, along with proficiency in programming languages like Go or Python.

Salary

Base: $188,000 to $275,000; Bonus/Equity: Discretionary bonus and equity awards included; Benefits: Comprehensive program with 100% paid medical, dental, vision, and 401(k) match

Skills & Requirements

Must-have

  • PKI hierarchy design and certificate lifecycle management
  • HashiCorp Vault or similar secrets management experience
  • Hardware Security Modules (HSM) and PKCS#11 integration
  • Kubernetes cert-manager and External Secrets Operator
  • Go or Python programming for security tooling
  • Applied cryptography including TLS and envelope encryption

Nice-to-have

  • Post-quantum cryptography readiness and migration planning
  • Code signing workflows using Sigstore or Authenticode
  • Multi-tenant KMS design and customer-managed keys
  • Hardware attestation with TPM and SPIFFE/SPIRE
  • Experience in hyperscaler cloud provider environments

Key Requirements

  • 8+ years of experience in security or infrastructure engineering
  • Hands-on production experience with HashiCorp Vault
  • Proficiency in Go, Python, or similar languages

Work Rights

Not specified

Tailored Resume

Cover Letter