Staff Security Engineer, Infrastructure Engineering
What if you could use your technology skills to develop a product that impacts the way communities’ hospitals, homes, sports stadiums, and schools across the world are built? Construction impacts the lives of nearly everyone in the world, and yet it’s also one of the world’s least digitized industries, not to mention one of the most dangerous. That’s why we’re looking for a talented Staff Security Engineer to join us on our journey to revolutionize a historically underserved industry.
As a Staff Security Engineer at Procore, you will join a small, but ambitious security team that is working alongside their engineering counterparts to deliver a world class SaaS solution to the construction industry. given the unique opportunity to partner intimately with our customer base, translating their fundamental needs into technological SaaS solutions. Backed by the might of our teams, we’ll provide you with the tools and resources needed to achieve extraordinary results that render a significant impact extending beyond the boundaries of traditional engineering roles.
This position will be based at our headquarters in Carpinteria, CA on the bluffs overlooking the Pacific Ocean or at our growing downtown Austin, TX office.. We’re looking for someone to join our team immediately.
What you’ll do:
- As a senior member of the security team, you will lead and collaborate across the organization (DBA, SRE, Customer Support, IT and Developers) ensuring security standards are followed and our architecture patterns are aligned
- Being part of a team that is directly responsible for security and uptime of production systems and you must have strong technical hands-on experience in delivering projects
- Help the technology and business teams identify, prioritize, and implement a comprehensive, resilient architecture that will ensure security is built-in to the service offerings from the very start
- Be the subject matter expert when it comes to security infrastructure and lead discussions as such providing technical and solution oriented expertise
- Drive security incident triage and root cause analysis
- Use your knowledge when it comes to automation to improve and automate security tools and processes to support a developer self service infrastructure
- Scope, perform and improve security reviews of web and mobile applications, both in private and public cloud environments
- Deliver complex projects keeping security requirements within scope
- Improve processes, threat assessments, building threat models and creating remediation plans based on the results of threat assessments
- Perform, resolve and define narratives found with Pen-testing on the platform/apps/infrastructure
- Define System hardening of the infrastructure, identifying deficiencies and develop mitigation strategies to risks
- Research and collaborate with our peers in the broader cyber-security industry
What we're looking for:
- 8+ years experience in the information security field with a strong background in automation through coding, scripting and integration in a security context
- 6+ years experience with penetration testing, threat, attack types and malware capabilities.
- Bachelor's degree in Information Security, Computer Science, Information Systems, Engineering or related major or equivalent years of experience and education
- Demonstrated experience implementing security controls in an "infrastructure as code" environment on a public IaaS platform (AWS, GCP. etc.)
- Minimum of 3 years' experience in either Linux or Windows operating systems (prefer both)
- Experience with container and container management and developing security controls in a Docker/Kubernetes environment
- Experience developing security controls on AWS Cloud Platform
- Strong, well-rounded background in host, network and application security.
- Experience developing automated information security controls against common compliance frameworks such as SOC, FedRAMP, FIPS 140 PCI-DSS, or Cloud Security Alliance
- Experience creating automated solutions for auditing compliance with security standards
- Senior level knowledge of industry standard security tools and encryption/cryptography protocols and best practices, authentication, authorization and directory services.
- Coding proficiency in Ruby, Python, Go, C/C++ and/or Java.
- Known experience as a technical thought leaders on their teams and adept at generating consensus through influence born of respect and expertise, rather than by mandate.
- Strong ability to contribute extensively to making others better via code reviews, mentoring, pairing, and training
- Technical Certifications are a plus (SANS, GIOAC, OCSP)
Procore Technologies is building the software that builds the world. We provide cloud-based construction management software that helps clients more efficiently build skyscrapers, hospitals, housing complexes, and more. Our headquarters is located on the bluffs above the Pacific Ocean in Carpinteria, CA, with growing offices worldwide. Check us out on Glassdoor to see what others are saying about working at Procore!
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Perks & Benefits
You are a person with dreams, goals, and ambitions—both personally and professionally. That's why we believe in providing benefits that not only match our Procore values (Openness, Optimism, and Ownership) but enhance the lives of our team members. Here are just a few of our benefit offerings: competitive health care plans, flexible paid time off (Procore Values Time), employee enrichment and development programs, and volunteer days.