CoreWeave · 15 hours ago
Staff Security Engineer, Firmware Security
New York, NY
Full-time
Hybrid
Lead/Staff
$188K/yr - $275K/yr
8+ years expCoreWeave is The Essential Cloud for AI™, dedicated to providing a secure platform for AI innovations. The Staff Firmware Security Engineer will lead the firmware security strategy, ensuring the integrity and security of firmware across CoreWeave’s infrastructure, while collaborating with engineering teams and hardware vendors to mitigate risks and respond to threats.
Artificial Intelligence (AI)Cloud ComputingInformation TechnologyAI InfrastructureCloud InfrastructureMachine Learning
No H1B
U.S. Citizen Only
Responsibilities
Define the end-to-end firmware security architecture for CoreWeave’s server, GPU, and networking platforms, including root-of-trust, secure boot, and attestation flows
Design and implement secure boot and measured boot strategies across host, BMC, and accelerator firmware, leveraging TPM/TPM2 and hardware roots of trust
Build and maintain tooling and automation to inventory firmware, validate signatures and policies, manage firmware SBOMs, and enforce version baselines across large fleets
Partner with platform, infrastructure, and data center engineering teams to design safe rollout mechanisms for firmware updates, including canarying, rollback strategies, and blast-radius controls
Perform threat modeling, design reviews, and code reviews for firmware-related components and low-level platform software, identifying and mitigating security risks early in the lifecycle
Lead deep-dive investigations into firmware vulnerabilities and anomalous device behavior, coordinating incident response and remediation across cross-functional teams
Engage with hardware and OEM partners (e.g., server, GPU, and NIC vendors) to influence their security roadmaps, validate security features, and integrate vendor tooling into CoreWeave’s controls
Collaborate with Security Engineering peers to integrate firmware security signals into telemetry, detection, and SIEM pipelines for continuous monitoring
Establish standards, best practices, and documentation for firmware security, and mentor engineers across the organization in building secure-by-default infrastructure
Qualification
Required
8+ years of experience in security engineering, platform security, or systems/firmware engineering, including substantial work with server or device firmware
Deep understanding of firmware and platform security concepts, including secure/verified boot, measured boot, roots of trust, and attestation (e.g., TPM-based or vendor-specific solutions)
Hands-on experience with server and BMC ecosystems (e.g., UEFI/BIOS, BMC/Redfish/IPMI, bootloaders) and how they interact with operating systems and hypervisors
Strong Linux systems background, including comfort working close to the hardware (kernel interfaces, device drivers, low-level debugging)
Experience performing security reviews and/or reverse engineering of firmware or low-level code (e.g., UEFI, bootloaders, BMC firmware), using tools such as UEFITool, CHIPSEC, or similar
Proficiency in at least one systems programming or scripting language (e.g., C, C++, Rust, Go, or Python) and the ability to build automation and validation tooling
Demonstrated ability to lead cross-functional initiatives, influencing engineers and stakeholders across infrastructure, hardware, and operations teams
Strong written and verbal communication skills, including the ability to explain complex technical topics to both deeply technical and non-technical audiences
Preferred
Experience securing GPU, accelerator, or HPC platforms, including familiarity with NVIDIA and/or other accelerator firmware stacks
Background working in a cloud provider, hyperscaler, or large-scale data center environment, ideally with exposure to bare metal and containerized workloads
Familiarity with supply chain security practices for hardware and firmware, including SBOMs, signing workflows, provenance tracking, and vendor qualification
Experience designing and operating attestation pipelines (e.g., validating device state before admitting workloads or granting higher-trust roles)
Contributions to open-source firmware or security projects, security research publications, or notable vulnerability discoveries (CVE credits, bug bounties, etc.)
Bachelor's or Master's degree in Computer Science, Computer Engineering, Electrical Engineering, or equivalent practical experience
Benefits
Medical, dental, and vision insurance - 100% paid for by CoreWeave
Company-paid Life Insurance
Voluntary supplemental life insurance
Short and long-term disability insurance
Flexible Spending Account
Health Savings Account
Tuition Reimbursement
Ability to Participate in Employee Stock Purchase Program (ESPP)
Mental Wellness Benefits through Spring Health
Family-Forming support provided by Carrot
Paid Parental Leave
Flexible, full-service childcare support with Kinside
401(k) with a generous employer match
Flexible PTO
Catered lunch each day in our office and data center locations
A casual work environment
A work culture focused on innovative disruption
Company
CoreWeave
CoreWeave is a cloud-based AI infrastructure company offering GPU cloud services to simplify AI and machine learning workloads.
1001-5000 employees
Funding
Current Stage
Public CompanyTotal Funding
$26.87BKey Investors
NVIDIAGoldman Sachs,JP Morgan Chase,Morgan Stanley,MUFG Union BankJane Street Capital
2026-01-26Post Ipo Equity· $2B
2025-12-08Post Ipo Debt· $2.54B
2025-11-12Post Ipo Debt· $2.5B
Leadership Team
Michael Intrator
Chief Executive Officer
Brannin McBee
Founder & CDO
Recent News
2026-02-13
Company data provided by crunchbase