What You’ll Do
The Endpoint Engineering team at CoreWeave manages end-user compute for all employees running macOS and Windows 11 — application deployment, patching, and configuration management to keep the environment secure and reliable.
We're expanding that scope with a cloud-based VDI offering (Ubuntu and Windows 11) to meet growing customer needs. This role owns that expansion as the sole DRI for the Next Gen VDI platform: the remote-compute infrastructure powering hundreds of engineers, network operators, and support teams company-wide. You'll own everything from the underlying cloud infrastructure to the OS images running on it, delivering a secure, self-service, operationally excellent platform as CoreWeave scales.
About the Role
As the Systems Engineer for Next Gen VDI, you will own both the cloud infrastructure buildout and the OS lifecycle for CoreWeave’s next-generation remote compute platform. This is a hands-on engineering role with end-to-end scope: you will design and stand up the platform from scratch—integrating Teleport, Okta SSO, audit logging, cost governance, and self-service tooling—and you will own the image pipelines, patch cadence, configuration management, and security agent stack that keep the fleet healthy.
In this role, you will:
- Design and deliver the end-to-end VDI platform architecture—covering cloud infrastructure, access controls, OS lifecycle, security posture, and network topology—and drive peer review and sign-off before build commences.
- Integrate cloud infrastructure into CoreWeave’s Teleport cluster: IAM node joining, RBAC role definitions, access policies per user persona, and break-glass/OOB node setup and validation.
- Configure Okta SAML/OIDC SSO with MFA enforcement, session policy, and access review workflows for the VDI fleet.
- Build and maintain the audit logging pipeline (cloud logging → CoreWeave SIEM), legal hold and forensic snapshot-on-demand workflows, and compliance-aligned session activity retention policies.
- Own cost governance: implement instance tagging and cost center chargeback attribution, build idle detection and cleanup automation, and deliver self-service and admin portals for instance lifecycle management.
- Own the Ubuntu LTS and Windows 11 base image pipelines—code-defined builds (Packer or equivalent), automated regression test suites covering agent health, network reachability, and security posture, versioned release promotion, and rollback procedures.
- Write and maintain Chef cookbooks (or equivalent) for post-provision configuration: user setup, mounts, and toolchain.
- Bake security and network agents (CrowdStrike, Netskope, BlastShield) and the PCoIP client/agent into Ubuntu and Windows 11 base images; own group/policy configuration, fleet enrollment, and alert routing.
- Lead end-to-end integration testing (provision → auth → tool access → teardown) and platform security review prior to launch; remediate and drive sign-off.
- Sustain steady-state operations: monthly patch releases, config management updates, infrastructure health checks, incident response, and user ticket triage.
- Produce and maintain runbooks for image release, Teleport onboarding, break-glass procedures, and incident response.
Who You Are
- Demonstrated experience operating and automating cloud infrastructure on AWS, Azure, or GCP—compute, networking, storage, IAM, and cost tooling.
- Proficiency with Linux system administration (Ubuntu preferred) and Windows 11 endpoint management, including shell/PowerShell scripting, service configuration, package management, and log analysis.
- Hands-on experience with infrastructure-as-code and configuration management tooling (Terraform, Ansible, Chef, Packer, or equivalent) in a production environment.
- Experience integrating enterprise identity and access management solutions—Teleport, Okta, or comparable SSO/PAM/ZTNA tooling—including RBAC design and access policy definition.
- Experience building and operating OS image pipelines: code-driven builds, automated regression testing, versioned release promotion, staged rollout, and rollback.
- Familiarity with endpoint and network security agent deployment (CrowdStrike, Netskope, or similar), including bake-in to base images and policy configuration.
- Strong scripting and automation skills (Python, Bash, or equivalent); comfort building internal tooling and self-service workflows.
- Experience with observability and logging pipelines—log forwarding, schema definition, retention policy, and SIEM integration.
Preferred
- Experience with Windows 11 image management, MDM/Intune enrollment, and patch management tooling.
- Familiarity with PCoIP/HP Anyware or other streaming display protocols in a VDI context.
- Experience with cost attribution, tagging strategy, and chargeback reporting in multi-tenant cloud environments.
- Exposure to BlastShield or other zero-trust network access (ZTNA) solutions.
- Experience with legal hold, forensic imaging, or compliance workflows in a cloud environment.
Wondering if you’re a good fit?
We believe in investing in our people and value candidates who bring unique backgrounds—even if you don’t check every box. Here are a few qualities we’ve found make someone successful on this team. If some of this describes you, we’d love to talk.
- You love owning the full stack—you’re as comfortable debugging a cloud routing issue as you are tracing why an agent isn’t enrolling in an image build.
- You’re energized by greenfield work: designing from scratch, making defensible architectural choices, and building the operational playbook alongside the platform.
- You think in systems: you anticipate how a patch cadence decision today affects upgrade friction two OS generations from now, across both Ubuntu LTS and Windows 11 release cycles.
- You’re an expert at security-conscious infrastructure—you don’t treat compliance controls as an afterthought, you design them in.
Why CoreWeave?
At CoreWeave, we work hard, have fun, and move fast! We’re in an exciting stage of hyper-growth that you will not want to miss out on. We’re not afraid of a little chaos, and we’re constantly learning. Our team cares deeply about how we build our product and how we work together, which is represented through our core values:
- Be Curious at Your Core
- Act Like an Owner
- Empower Employees
- Deliver Best-in-Class Client Experiences
- Achieve More Together
We support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that encourages collaboration and enables the development of innovative solutions to complex problems. As we get set for takeoff, the growth opportunities within the organization are constantly expanding. You will be surrounded by some of the best talent in the industry, who will want to learn from you, too. Come join us!
The base salary range for this role is $207,000 to $275,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).
What We Offer
The range we’ve posted represents the typical compensation range for this role. To determine actual compensation, we review the market rate for each candidate which can include a variety of factors. These include qualifications, experience, interview performance, and location.
In addition to a competitive salary, we offer a variety of benefits to support your needs. The benefits below reflect our US-based offerings; for roles in other locations, benefits vary and are shared during the hiring process. These include:
- Medical, dental, and vision insurance - 100% paid for by CoreWeave
- Company-paid Life Insurance
- Voluntary supplemental life insurance
- Short and long-term disability insurance
- Flexible Spending Account
- Health Savings Account
- Tuition Reimbursement
- Ability to Participate in Employee Stock Purchase Program (ESPP)
- Mental Wellness Benefits through Spring Health
- Family-Forming support provided by Carrot
- Paid Parental Leave
- Flexible, full-service childcare support with Kinside
- 401(k) with a generous employer match
- Flexible PTO
- Catered lunch each day in our office and data center locations
- A casual work environment
- A work culture focused on innovative disruption
California Applicants
California Consumer Privacy Act
Equal Opportunity & Accommodations
CoreWeave is an equal opportunity employer, committed to fostering an inclusive and supportive workplace. All qualified applicants and candidates will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.
As part of this commitment and consistent with the Americans with Disabilities Act (ADA), CoreWeave will ensure that qualified applicants and candidates with disabilities are provided reasonable accommodations for the hiring process, unless such accommodation would cause an undue hardship. If reasonable accommodation is needed, please contact: careers@coreweave.com.
Export Control Compliance
This position requires access to export controlled information. To conform to U.S. Government export regulations applicable to that information, applicant must either be (A) a U.S. person, defined as a (i) U.S. citizen or national, (ii) U.S. lawful permanent resident (green card holder), (iii) refugee under 8 U.S.C. § 1157, or (iv) asylee under 8 U.S.C. § 1158, (B) eligible to access the export controlled information without a required export authorization, or (C) eligible and reasonably likely to obtain the required export authorization from the applicable U.S. government agency. CoreWeave may, for legitimate business reasons, decline to pursue any export licensing process.