Principal Security Engineer, Infrastructure Engineering

Remote United States

Apply

What if you could use your technology skills to develop a product that impacts the way communities’ hospitals, homes, sports stadiums, and schools across the world are built? Construction impacts the lives of nearly everyone in the world, and yet it’s also one of the world’s least digitized industries, not to mention one of the most dangerous. That’s why we’re looking for a talented Principal Security Engineer to join us on our journey to revolutionize a historically underserved industry.

As a Principal Security Engineer on our Infrastructure team, you’ll join a group of highly skilled Site Reliability, Security, Data Services and Production Engineers to support the Procore platform running on over 2,300 cloud-based systems. As a member of this group, you’ll be directly responsible for the security and uptime of cloud-based production systems ensuring the platform and services are secure and available 24/7/365.

This position has the opportunity to be located in our Austin, TX office, at our headquarters in Carpinteria, CA or remote with potential travel to these offices occasionally.  

What you’ll do:

  • Transform organizational and process challenges to achieve results that drive complex security efforts for internal and external customers
  • Own security decisions across Procore including identifying, planning, and applying security advance concepts and principles
  • Advocate for security as a subject matter expert across multiple organizations, holding discussions on security topics and drive automation across the organization
  • Design, build, and review security-related services and functionality of web applications, mobile applications, and desktop applications
  • Provide our Engineering team with well-researched security advice to demonstrate vulnerabilities, collaborate with all teams to provide secure development guidance
  • Triage vulnerabilities that are found internally or reported through our bug bounty program; serve as an escalation point of contact
  • Conduct threat modeling, penetration testing, data security, DevSecOps, vulnerability management, and security metrics
  • Work across Ruby on Rails, Apache, Nginx, PostgreSQL, AWS tech stacks

What we’re looking for:

  • BS degree in Computer Science or equivalent practical experience, MS in Computer Science preferred
  • 12+ years of experience in Application Security with at least 5 years of experience with Ruby on Rails development with deployment to a production environment.
  • Experience with penetration testing, threat modeling, open source, and commercial security tools
  • Experience with conducting threat assessments, building threat models, and creating remediation plans based on the results of threat assessments
  • Deep background and experience in:
    • AWS services (EC2, ELB, RDS, Route53, S3, Lambda) 
    • IAM implementation
    • AWS and orchestration tools
    • Linux experience; 
    • OSCP Certification
    • Hashicorp Technologies (Consul, Terraform, Vault, Packer)
    • Containers and Container Management (Docker, Kubernetes)
    • Config Management (Puppet, Ansible, Salt)
    • Networking protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
  • Technical Certifications are a plus (GIAC, OCSP, CISSP)

About Us

Procore Technologies is building the software that builds the world. We provide cloud-based construction management software that helps clients more efficiently build skyscrapers, hospitals, retail centers, airports, housing complexes and more. At Procore, we have worked hard to create and maintain a culture where you can own your work and are encouraged and given resources to try new ideas. Check us out on Glassdoor to see what others are saying about working at Procore. 

We are an equal opportunity employer and welcome builders of all backgrounds. We thrive in a diverse, dynamic and inclusive environment. We do not tolerate discrimination against employees on the basis of age, color, disability, gender, gender identity or expression, marital status, national origin, political affiliation, race, religion, sexual orientation, veteran status, or any other classification protected by law.

Perks & Benefits

You are a person with dreams, goals, and ambitions—both personally and professionally. That's why we believe in providing benefits that not only match our Procore values (Openness, Optimism, and Ownership) but enhance the lives of our team members. Here are just a few of our benefit offerings: competitive health care plans, unlimited paid vacation, stock options, employee enrichment and development programs, and friends & family events.