Security Assurance Engineering - Senior Security Production Engineer

CoreWeave Inc

WA

JOB DETAILS
SALARY
$165,000–$242,000 Per Year
SKILLS
Access Control, Amazon Web Services (AWS), Application Programming Interface (API), Automation, Cloud Computing, Computer Science, Computer Security, Continuous Deployment/Delivery, Continuous Integration, Data Management, Distributed Computing, Enterprise Protection, GCP (Good Clinical Practices), HIPAA (Health Insurance Portability and Accountability Act), Home Automation, ISO (International Organization for Standardization), Information/Data Security (InfoSec), Machine Tool, Maintain Compliance, Metrics, Multiplatform/Cross-Platform, PCI-DSS, Python Programming/Scripting Language, Regulations, Regulatory Requirements, Remote Access, Reporting Dashboards, Risk, Scalable System Development, Scripting (Scripting Languages), Security Assertion Markup Language (SAML), Security Attacks, Security Compliance, Security Information and Event Management (SIEM), Single Sign-On (SSO), Software Engineering, Systems Engineering, Telemetry, Threat Modeling, U.S. National Institute of Standards and Technology (NIST)
LOCATION
WA
POSTED
30+ days ago

Compliance Automation - Senior Security Production Engineer

As a Senior Security Production Engineer focused on Assurance Systems at CoreWeave, you will design, build, and operate the production infrastructure that continuously validates the effectiveness of our security controls at scale. This role treats security assurance as first-class engineering infrastructure, not a point-in-time compliance exercise.

This is a cutting-edge software and production engineering role that applies modern reliability, automation, and systems design practices to security assurance. The work sits at the intersection of engineering systems and regulatory requirements, translating control intent into scalable, reliable, production-grade infrastructure.

You will own the reliability, scalability, performance, and correctness of automated assurance systems that provide continuous visibility into control health, security posture, and risk signals across our cloud platforms and Kubernetes environments. Your work will power CoreWeave's ability to meet regulatory requirements without slowing the business or relying on manual evidence collection.

You will partner closely with GRC, platform engineering, and security domain teams to translate control intent into durable technical signals, while retaining full engineering ownership of how those systems are designed, built, and operated.

In this role, you will:

- Design and build scalable automation, including evidence enrichment, API services, control monitoring, remediation workflows, anomaly detection, and threshold enforcement to streamline and industrialize GRC.
- Engineer continuous, event-driven compliance monitoring systems that replace manual, point-in-time processes.
- Establish the product assurance foundations needed to scale CCM toward agentic, autonomous GRC capabilities.
- Develop compliance-as-code and policy-as-code frameworks integrated into CI/CD pipelines and cloud-native infrastructure.
- Build automated assurance pipelines to continuously collect, enrich, and monitor controls from distributed systems and cloud services.
- Develop control integrations and data pipelines to normalize security telemetry across IAM, logs, scanners, and CCM/GRC tools.
- Deliver automated trend analysis, alerting, and reporting for compliance drift, control failures, and security-risk signals.
- Architect scalable monitoring, reporting, and control-validation solutions aligned to enterprise security strategies and regulatory frameworks.
- Build and deliver solutions that demonstrate continuous control effectiveness and security risk posture across the environment.
- Build metrics engines, dashboards, and insights pipelines that provide real-time visibility into compliance health and emerging risks.

On this team, you will:

- Tackle security & compliance puzzles at cutting-edge scale and complexity.
- Collaborate with brilliant engineers who are redefining compliance adherence for cloud infrastructure.
- Have the freedom and responsibility to innovate, experiment, and influence how we establish assurance pipelines.

Investing in our people is one of our top priorities, and we value candidates who can bring their diversified experiences to our teams. Here are some qualities we've found compatible with our team.

We'd love to talk about whether this aligns with your experience and interests and what you're excited to work on next.

Minimum Qualifications

- A Bachelor's degree in Information Security, Computer Science, or a related field or equivalent job experience.
- At least 7+ years of hands-on experience in Linux, ideally within the cloud services industry.
- At least 3+ years of hands-on experience securing Kubernetes clusters in a production environment.
- Experience building automated control validation, compliance-as-code, or continuous monitoring systems.
- Strong understanding of security controls, threat models, and operational monitoring.
- Proven experience in a technical security or engineering role, with strong proficiency in scripting languages (e.g., Python).
- Familiarity with modern CI/CD practices and Infrastructure-as-Code tooling.
- Proven experience building, securing, and deploying containerized applications.
- Strong experience with technical architectures involving data flows, access controls, retention, and third-party integrations.
- Strong hands-on experience with cloud infrastructure (AWS, GCP) and cloud security.
- Experience with CCM tools, SIEM pipelines, or GRC platforms (e.g., Conveyor, Drata, Vanta, OneTrust, custom tooling).

Preferred Qualifications

- Expertise in major compliance and security frameworks (SOC 2, ISO 27001, PCI DSS, HIPAA, FedRAMP, NIST, CSF).
- Background in building automation for distributed cloud environments at scale.
- Experience with remote-access solutions like Teleport (real bonus points if you've submitted PRs on their product).
- Understanding of the SSO protocols, specifically OIDC and SAML.
- Hands-on experience with PKI and mTLS.

If you're eager to elevate compliance into a creative, strategic force within a fast-paced, forward-thinking company, we'd love to hear from you!

Compensation

The base salary range for this role is $165,000 to $242,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).

About the Company

CoreWeave Inc