CoreWeave is The Essential Cloud for AI™. Built for pioneers by pioneers, CoreWeave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, CoreWeave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, CoreWeave became a publicly traded company (Nasdaq: CRWV) in March 2025. Learn more at www.coreweave.com .
About the Role
We're looking for a software engineer to join our Source Control and Governance team within our Developer Experience group. In this role, you'll design and build the tooling and automation that keeps our AI compute and bare metal infrastructure platform compliant, secure, and audit-ready.
You'll work across major compliance frameworks (SOC 2, SOX, ISO 27001), writing policy-as-code, building compliance pipelines, integrating security scanning into CI/CD, and automating evidence collection workflows. This is a collaborative, high-impact team where your engineering work directly supports our ability to serve enterprise customers and meet evolving regulatory requirements.
What You'll Do
- Design and build automated compliance pipelines that enforce policies on infrastructure changes and compute provisioning, bringing a CI/CD-driven approach to governance workflows.
- Implement policy-as-code using tools like OPA/Rego, Conftest, or InSpec — ensuring compliance rules are version-controlled, peer-reviewed, and enforced automatically across environments.
- Automate audit evidence collection for SOC 2, SOX, and ISO 27001, replacing manual processes with continuous pipelines that produce timestamped, immutable artifacts.
- Build and maintain compliance dashboards and reporting to surface posture scores and framework coverage for internal stakeholders and customers.
What We're Looking For
- 7+ years of software engineering experience.
- Demonstrated mastery of Go or Python, including concurrency primitives, memory management, and performance optimization at scale
- Experience designing and building CI/CD pipelines using tools like GitHub Actions, GitLab CI, Jenkins, or Buildkite, with a solid understanding of pipeline architecture and design patterns.
- Familiarity with Linux systems and networking fundamentals.
- A self-directed working style with the ability to take ownership of workstreams on a small, collaborative team.
Nice to Have
- Experience with policy-as-code tools (OPA/Rego, Sentinel, Checkov, InSpec).
- Familiarity with compliance frameworks such as SOC 2, SOX, ISO 27001, or NIST CSF — you don't need to be an auditor, but an understanding of controls and why they matter goes a long way.
- Background in cloud infrastructure, bare metal, or compute platform environments.