Principal Security Engineer, Infrastructure Engineering

  • Overview

    What if you could use your technology skills to develop a product that impacts the way communities’ hospitals, homes, sports stadiums, and schools across the world are built? Construction impacts the lives of nearly everyone in the world, and yet it’s also one of the world’s least digitized industries, not to mention one of the most dangerous. That’s why we’re looking for a talented Principal Security Engineer to join us on our journey to revolutionize a historically underserved industry.

    As a Principal Security Engineer on Procore's Infrastructure team, you’ll join a group of highly skilled Site Reliability, Security, Data Services and Production Engineers to support the Procore platform running on over 2,300 cloud-based systems. As a member of this group, you’ll be directly responsible for the security and uptime of cloud-based production systems ensuring the platform and services are secure and available 24/7/365.

  • Responsibilities

    • Transform organizational and process challenges to achieve results that drive complex security efforts for internal and external customers
    • Own security decisions across Procore including identifying, planning, and applying security advance concepts and principles
    • Advocate for security as a subject matter expert across multiple organizations, holding discussions on security topics and drive automation where required
    • Design, build, and review security-related services and functionality of web applications, mobile applications, and desktop applications
    • Provide Procore's Engineering team with well-researched security advice to demonstrate vulnerabilities, collaborate with all teams to provide secure development guidance
    • Triage vulnerabilities that are found internally or reported through our bug bounty program; serve as an escalation point of contact
    • Conduct threat modeling, penetration testing, data security, DevSecOps, vulnerability management, and security metrics
    • Work across Ruby on Rails, Apache, Nginx, PostgreSQL, AWS tech stacks
  • We Require

    • BS degree in Computer Science or equivalent practical experience, MS in Computer Science preferred
    • 6+ years of experience in Application Security with at least 4 years of experience with software development (preferably Ruby on Rails or other interpreted programming languages) with deployment to a production environment experience
    • Experience with penetration testing, threat modeling, open-source, and commercial security tools
    • Experience with conducting threat assessments, building threat models, and creating remediation plans based on the results of threat assessments
    • Deep background and experience in:
    • AWS services (EC2, ELB, RDS, Route53, S3, Lambda)
    • IAM implementation
    • AWS and orchestration tools
    • Linux experience;
    • OSCP Certification
    • Hashicorp Technologies (Consul, Terraform, Vault, Packer)
    • Containers and Container Management (Docker, Kubernetes)
    • Config Management (Puppet, Ansible, Salt)
    • Networking protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
    • Technical Certifications are a plus (GIAC, OCSP, CISSP)

You may be interested

Technical Program Manager

Junior Android / Kotlin Developer

Middle Manual QA Engineer for Android app

Looks like talking about your friend?

Be the one to get us in touch