We’re looking for a Staff Security Engineer to join Procore’s Security Engineering team. In this role, you’ll be a key technical leader responsible for designing and implementing foundational security controls that protect our platform, data, and users. Your primary goal is to drive the implementation of a secure, scalable, and resilient cloud product and infrastructure by default.
 

As a Staff Security Engineer, you’ll partner with Product & Technology, Engineering, IT, and GRC to embed security into the development lifecycle. Use your deep expertise in cloud architecture, data protection, and identity and access management to design and implement robust, automated security guardrails across our SaaS ecosystem. This is a high-impact opportunity to solve complex security challenges and protect the data of millions of users—Apply today.
 

This position reports into the Senior Director, Security Engineering and will be based in our Austin, TX office. We’re looking for someone to join us immediately.
 

What you’ll do:

• Design and build automated pipelines for authoritative asset inventory and Software Bill of Materials (SBOM) generation.

• Design and implement scalable IAM guardrails for cloud (AWS/GCP/Azure) and corporate (Okta) environments, including PAM and service-to-service authentication.

• Drive the technical roadmap for data protection, including key management (KMS), encryption-at-rest/in-transit, and tokenization.

• Build and implement secure-by-default configurations for our containerized (Kubernetes, EKS) and IaC (Terraform) workflows.

• Partner with SRE and GRC teams to engineer technical resilience patterns, auto-healing systems, and verifiable disaster recovery capabilities.

• Act as a senior technical expert to provide authoritative context on security controls and architecture to our GRC and Internal Audit teams.

• Mentor other engineers and help scale security knowledge across the organization.

• Lead the evaluation and implementation of new security technologies and platforms from proof-of-concept to production.
   

What we’re looking for:

• Bachelor's degree in Computer Science or equivalent practical experience.

• 6+ years of experience in a hands-on technical security role, with at least 3 years focused on cloud security in a large-scale SaaS environment.

• Deep expertise in multiple security domains including product/application security, IAM, IaaS, network, etc.

• Deep expertise with at least one major cloud provider (AWS preferred) and its security services (IAM, KMS, Security Hub, GuardDuty).

• Strong experience with identity and access management platforms (Okta, Azure AD) and concepts (SAML, OAuth 2.0, OIDC, SCIM).

• Proven experience building security guardrails for IaC (Terraform), CI/CD pipelines, and container orchestration (Kubernetes).

• Strong understanding of data protection principles, including encryption, key management, tokenization, and data loss prevention (DLP).

• A "builder" mindset with a passion for automation (Python, Go, or similar) and shipping solutions as code.

• Excellent communication skills with the ability to translate complex technical concepts for technical and non-technical stakeholders.

Additional Information

Base Pay Range:

This role may also eligible for Equity Compensation. Procore is committed to offering competitive, fair, and commensurate compensation, and has provided an estimated pay range for this role. Actual compensation will be based on a candidate’s job-related skills, experience, education or training, and location.

This position requires access to technology, software, and data that is controlled or restricted under U.S. law, regulation, executive order, or government contract.

For Los Angeles County (unincorporated) Candidates:

Procore will consider for employment all qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable federal, state, and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act.

A criminal history may have a direct, adverse, and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment: 1. appropriately managing, accessing, and handling confidential information including proprietary and trade secret information, as well as accessing Procore's information technology systems and platforms; 2. interacting with and occasionally having unsupervised contact with internal/external customers, stakeholders, and/or colleagues; and 3. exercising sound judgment.