Senior Security Engineer

We're looking for a Senior Security Engineer to join Procore's Security Engineering team. In this role, you'll be a senior member of the team, responsible for building and running the foundational security controls that protect our platform, data, and users. Your primary goal is to build and maintain a secure, scalable, and resilient cloud product and infrastructure.

As a Senior Security Engineer , you'll partner with Engineering, IT, Security Operations, and GRC to integrate security into new and existing systems. Use your strong experience in cloud security, data protection, and identity and access management to build and deploy automated security controls across our SaaS ecosystem . This is a critical role in strengthening our security posture and protecting the data of millions of users- Apply today .

This position reports into the Senior Director, Security Engineering and will be based in our Austin, TX office . We're looking for someone to join us immediately.

What you'll do :

Build and maintain automated pipelines for authoritative asset inventory and Software Bill of Materials (SBOM) generation.

Implement and manage scalable IAM guardrails for cloud (AWS / GCP / Azure) and corporate (Okta) environments.

Contribute to the technical roadmap and execute on projects for data protection, including key management, encryption, and tokenization.

Develop and implement secure configurations for our containerized (Kubernetes, EKS) and IaC (Terraform) workflows.

Work with SRE and GRC teams to test and validate resilience patterns and disaster recovery capabilities.

Provide clear technical context on security controls and architecture to our GRC and Internal Audit teams.

Mentor junior engineers and help review code and designs for security best practices.

Evaluate and recommend new security technologies and platforms to solve immediate business problems.

What we're looking for :

Bachelor's degree in Computer Science or equivalent practical experience.

5+ years of experience in a hands-on technical security role, with at least 2 years focused on cloud security.

Strong knowledge in several security domains (e.g., IAM, IaaS, network) and a willingness to learn others.

Strong hands-on experience with at least one major cloud provider (AWS preferred) and its security services.

Experience with identity and access management platforms (IdP, IGA, PAM) and concepts (SAML, OAuth 2.0, OIDC).

Experience with IaC (Terraform), CI / CD pipelines, and container orchestration (Kubernetes).

Solid understanding of data protection principles, including encryption, key management, and tokenization.

A "builder" mindset with strong automation and scripting skills (Python, Go, or similar).

Strong communication skills and the ability to work effectively with cross-functional teams.

Additional Information

Base Pay Range :

This role may also eligible for Equity Compensation. Procore is committed to offering competitive, fair, and commensurate compensation, and has provided an estimated pay range for this role. Actual compensation will be based on a candidate's job-related skills, experience, education or training, and location.

This position requires access to technology, software, and data that is controlled or restricted under U.S. law, regulation, executive order, or government contract.

For Los Angeles County (unincorporated) Candidates :

Procore will consider for employment all qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable federal, state, and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act.

A criminal history may have a direct, adverse, and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment : 1. appropriately managing, accessing, and handling confidential information including proprietary and trade secret information, as well as accessing Procore's information technology systems and platforms; 2. interacting with and occasionally having unsupervised contact with internal / external customers, stakeholders, and / or colleagues; and 3. exercising sound judgment.