We’re looking for a Principal Security Engineer to join Procore’s Security Engineering team. In this role, you’ll be the technical anchor for designing and building the foundational security controls that protect our platform, data, and users. Your primary goal is to engineer a secure, scalable, and resilient cloud product and infrastructure by default.

As a Principal Security Engineer, you’ll partner with Product & Technology, IT, Security Operations, and GRC to embed security into every stage of the development lifecycle. Use your deep expertise in software and infrastructure architecture, data protection, and identity and access management to architect and deploy robust, automated security guardrails across our entire SaaS ecosystem. This is a high-impact opportunity to shape the security direction of a rapidly growing platform and protect the data of millions of users—Apply today.

This position reports into the Senior Director, Security Engineering and will be based in the Austin, TX office. We’re looking for someone to join us immediately.

What you’ll do:

• Design and implement scalable IAM guardrails for cloud (AWS/GCP/Azure) and corporate (Okta) environments, including identity governance, PAM, and service-to-service authentication.

• Architect, build, and deploy automated pipelines for authoritative asset inventory and Software Bill of Materials (SBOM) generation.

• Lead the technical strategy and roadmap for data protection, including key management (KMS), encryption-at-rest/in-transit, and tokenization.

• Develop and enforce secure-by-default configurations for our containerized (Kubernetes, EKS) and IaC (Terraform) workflows.

• Partner with product engineering teams to perform threat modeling, conduct secure code reviews, and integrate automated security testing (SAST/DAST/SCA) into the CI/CD pipelines.

• Mentor junior engineers and act as a force multiplier, scaling security knowledge and best practices across all of engineering.

• Drive the selection and implementation of new security technologies and platforms from proof-of-concept to production.

• Partner with Product & Technology teams to engineer technical resilience patterns, auto-healing systems, and verifiable disaster recovery capabilities.

• Serve as the key technical expert to provide authoritative context on security controls and designs to our GRC and Internal Audit teams.

• Provide on-call support on a rotational basis.

What we’re looking for:

• Bachelor's degree in Computer Science or equivalent practical experience.

• 8+ years of experience in a hands-on technical security role, with at least 4 years focused on cloud security in a large-scale environment.

• Expert-level knowledge in multiple security domains including product/application security, IAM, IaaS, network, endpoint, etc. 

• Expert-level knowledge of at least one major cloud provider (AWS preferred) and its security services (IAM, KMS, Security Hub, GuardDuty).

• Deep experience with identity and access management platforms platforms (IdP, IGA, PAM),  joiner-mover-leaver (JML) mechanisms, and concepts (SAML, OAuth 2.0, OIDC, SCIM).

• Proven experience building security guardrails for IaC (Terraform), CI/CD pipelines, and container orchestration (Kubernetes).

• Strategic vision to align security initiatives with business growth and product velocity.

• Mastery of assessing third-party/M&A product risk and integrating diverse tech stacks securely.

• Strong understanding of data protection principles, including encryption, key management, tokenization, and data loss prevention (DLP).

• A "builder" mindset with a passion for automation (Python, Go, or similar) and shipping solutions as code.

• Excellent communication skills with the ability to translate complex technical concepts for non-technical stakeholders and executive leadership.

Additional Information

Base Pay Range:

This role may also eligible for Equity Compensation. Procore is committed to offering competitive, fair, and commensurate compensation, and has provided an estimated pay range for this role. Actual compensation will be based on a candidate’s job-related skills, experience, education or training, and location.

This position requires access to technology, software, and data that is controlled or restricted under U.S. law, regulation, executive order, or government contract.

For Los Angeles County (unincorporated) Candidates:

Procore will consider for employment all qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable federal, state, and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act.

A criminal history may have a direct, adverse, and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment: 1. appropriately managing, accessing, and handling confidential information including proprietary and trade secret information, as well as accessing Procore's information technology systems and platforms; 2. interacting with and occasionally having unsupervised contact with internal/external customers, stakeholders, and/or colleagues; and 3. exercising sound judgment.