Staff Software Engineer - Government Engineering (FedRAMP & Traffic)

Procore Technologies is building the software that builds the world. We provide cloud-based construction management software that helps clients more efficiently build skyscrapers, hospitals, retail centers, airports, housing complexes, and more. At Procore, we have worked hard to create and maintain a culture where you can own your work and are encouraged and given resources to try new ideas.

We are looking for a Staff Software Engineer to join Procore's Government Engineering team and serve as a senior technical contributor for our FedRAMP initiative. In this role, you will design, build, and maintain next-generation platform services that provide cloud traffic, ingress/egress, identity, and compliance capabilities. You will combine your technical and collaboration skills along with established software design principles to create a secure, compliant, and highly scalable foundation that Procore developers, partners, and customers can easily integrate with.

The impact of this team is wide as it touches all aspects of Procore's ecosystem within our FedRAMP authorization boundaries, and MUST respect and protect those boundaries. This position reports to the Senior Engineering Manager of the Government Engineering team and is a hybrid role based out of our Austin, TX office. We’re looking for someone to join us immediately.

What you’ll do:

• Manage Cloud Traffic & Service Mesh technologies: Design, implement, and maintain our next-generation network routing, edge controls, and service mesh architecture using Istio, Kong, and Cloudflare.

• Lead Platform Migrations: Drive the engineering lifecycle and migration strategies transitioning internal teams over to centralized, compliant infrastructure pipelines using Istio, and Datadog.

• Manage Identity & Access: Design and implement robust Identity and Access Management (IAM) architectures within FedRAMP boundaries, leveraging Okta for identity federation (SAML/OIDC), SSO, RBAC, and zero-trust patterns.

• Enforce Cryptographic Security: Select, configure, and enforce NIST-certified FIPS 140-2/140-3 validated cryptographic modules across services, TLS configurations, and key management systems.

• Advise on FedRAMP Compliance: Serve as a technical subject matter expert on FedRAMP compliance controls (NIST SP 800-53), translating complex regulatory control language into concrete, automated technical implementations. Partner with security teams on continuous monitoring (ConMon) and annual assessment readiness.

• Develop Automations: Actively write production-grade software to eliminate platform gaps while mentoring mid-level engineers on compliance-aware engineering design patterns.

• Leverage AI Tools: Welcome the use of modern developer tooling—including AI-assisted development assistants—where appropriate to optimize coding efficiency, automate mundane tasks, and accelerate platform delivery.

What we’re looking for:

• Experience: 8+ years of software or infrastructure engineering experience, with at least 3 years directly supporting or operating within a FedRAMP-authorized environment (AWS GovCloud experience is a plus).

• Software Engineering Proficiency: Strong programming fundamentals with demonstrated proficiency in writing software (e.g., Golang, Typescript, or Python) to build robust platform infrastructure and automation tools.

• Deep IAM Expertise: Comprehensive hands-on experience with identity management architecture, identity federation (SAML, OIDC), directory services, privileged access management, and zero-trust architecture principles.

• FIPS Cryptography Real-World Experience: Deep understanding of FIPS 140-2/140-3 validated cryptographic modules. You know how to verify and enforce true NIST-certified algorithm/module testing in practice, rather than just knowing "encryption is on."

• Cloud Traffic & Edge Infrastructure: Production experience managing high-throughput ingress/egress, traffic routing, and container network interfaces at scale using tools like Istio, Kong, and Cloudflare.

• Kubernetes Ecosystem Mastery: Extensive experience architecting, operating, and hardening Kubernetes clusters, including policy enforcement (e.g., OPA/Gatekeeper, Kyverno) and secure secrets management.,

• Experience with secrets management platforms operating in FIPS mode (e.g., HashiCorp Vault).

• Familiarity with FedRAMP Rev 5 transition requirements.

• Experience with STIG application or CIS benchmark enforcement at scale.

• Security certifications such as CISSP, AWS Certified Security - Specialty, or CKS.

Base Pay Range:

This role may also be eligible for Equity Compensation and/or Bonus Incentive Compensation. Procore is committed to offering competitive, fair, and commensurate compensation. Actual compensation will be based on a candidate’s job-related skills, experience, education or training, and location.

This position requires access to technology, software, and data that is controlled or restricted under U.S. law, regulation, executive order, or government contract.

Procore will consider for employment all qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable federal, state, and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act.

A criminal history may have a direct, adverse, and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment: 1. appropriately managing, accessing, and handling confidential information including proprietary and trade secret information, as well as accessing Procore's information technology systems and platforms; 2. interacting with and occasionally having unsupervised contact with internal/external customers, stakeholders, and/or colleagues; and 3. exercising sound judgment.