Senior Security Engineer, Threat Intelligence

What You’ll Do:

As a Senior Threat Intelligence Engineer, you will research, engineer, analyze, and actively collect cyber threat intelligence to protect CoreWeave’s global cloud infrastructure, AI platform, and internal systems. You will operate at the boundary between threat intelligence, threat hunting, and adversary tradecraft, with a mandate to go beyond passive analysis and materially shape how CoreWeave detects, understands, and disrupts real-world attackers.

This role is designed for practitioners who not only study adversaries, but actively probe, instrument, and test their behaviors—building intelligence through direct observation, telemetry-driven hunting, and controlled exposure (e.g., honeypots, canary systems, sinkholes, or deception techniques).

You will bring deep expertise in adversary behavior, exploitation techniques, and attack campaigns, and translate that knowledge into intelligence-driven detections, proactive threat hunts, and durable defensive improvements. You will have significant autonomy to pursue high-impact research, develop novel intelligence collection approaches, and ensure intelligence is operationalized across detection engineering, incident response, and cloud security.

About the role:

• Research, track, and actively investigate cyber threat actors, campaigns, tooling, infrastructure, and TTPs relevant to CoreWeave’s threat landscape.
• Design and operate advanced intelligence collection mechanisms, including controlled exposure systems (e.g., honeypots, canaries, decoys, or instrumentation) to observe adversary behavior in the wild.
• Identify, evaluate, and manage intelligence sources across OSINT, commercial feeds, community sharing, and internally generated telemetry, with a focus on signal quality and adversary relevance.
• Translate threat intelligence into durable detection logic, analytics, and intelligence-driven threat hunting hypotheses across endpoint, network, identity, and cloud telemetry.
• Lead and execute proactive threat hunts informed by intelligence gaps, emerging adversary tradecraft, and novel attack patterns.
• Analyze security incidents, suspicious activity, and hunt results to uncover campaign-level patterns, attacker objectives, and systemic defensive weaknesses.
• Develop original intelligence products, including adversary profiles, campaign analyses, intrusion narratives, and forward-looking threat assessments.
• Automate enrichment, correlation, and analysis workflows to embed threat intelligence directly into detection, response, and engineering pipelines.
• Partner closely with detection engineering, incident response, cloud security, and platform teams to close the loop between intelligence, hunting, and prevention.
• Establish and own technical standards, architectural patterns, and best practices for intelligence-led detection, hunting, and adversary analysis.
• Contribute to the evolution of CoreWeave’s threat intelligence strategy by identifying opportunities to push beyond traditional CTI models.

Who You Are:

• 8–10 years of experience in cyber threat intelligence, threat hunting, detection engineering, security research, or adjacent disciplines.
• Deep understanding of adversary behavior and tradecraft, including exploitation techniques, lateral movement, persistence mechanisms, and infrastructure usage.
• Demonstrated experience moving from intelligence → hypothesis → hunt → detection → feedback.
• Hands-on experience developing detections or hunts using SIEM, EDR, cloud security, identity, or network telemetry.
• Strong analytical skills with the ability to synthesize complex technical findings into clear, actionable intelligence.
• Proven ability to work independently, exercise strong judgment, and operate effectively in ambiguous, rapidly evolving threat environments.
• Excellent written and verbal communication skills, including the ability to brief senior technical and security leadership.

Preferred:

• Experience building or operating honeypots, canary systems, sinkholes, deception platforms, or custom telemetry pipelines.
• Background in threat hunting, red teaming, malware analysis, exploit development, or security research.
• Experience securing cloud-native, large-scale, or hyperscale infrastructure.
• Proficiency with scripting and data analysis (Python, SQL, APIs).
• Familiarity with MITRE ATT&CK, intrusion lifecycle modeling, and intelligence frameworks.
• Experience integrating threat intelligence platforms (TIPs) or building custom intelligence enrichment and correlation pipelines

We support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that encourages collaboration and provides the opportunity to develop innovative solutions to complex problems. As we get set for takeoff, the growth opportunities within the organization are constantly expanding. You will be surrounded by some of the best talent in the industry, who will want to learn from you, too. Come join us!

The base salary range for this role is $165,000 to $242,000. The starting salary will be determined by job-related knowledge, skills, experience, and the market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).