Security Engineer, Infrastructure Engineering

  • Overview

    If you want to challenge yourself in a large-scale project that has been transforming and digitalizing the construction industry for almost 20 years - then you join us! Together with the Zoolatech team, Procore Technologies develops a platform that allows you to effectively manage the construction of houses, hospitals, data centers, stadiums, and schools. At the same time, it makes the management of finances, quality, teams, and risks transparent, convenient, and compliant with laws.

    Procore has been actively growing even during the latest year and the pandemic and moreover, it went public this year. Procore is a specialist in the construction management domain, and at the same time, it is also a very tech company that takes security and efficiency seriously. You have the opportunity to become part of a large US team and work closely with high-level AppSecEngineers, SecDevOps, and Engineers, and bring the team to the next new level of quality.

    If you are an experienced security engineer or just a regular developer or a DevOps who has been actively involved in resolving security issues during your work and you have a desire to further develop yourself as a security specialist, this is a great opportunity for you to gain new experience and hone your skills.

  • Responsibilities

    • Be a proactive member of the security team that drives complex security efforts for internal and external customers
    • Advocate for security as a subject matter expert across multiple divisions and projects, holding discussions on security topics
    • Drive and implements automation of processes where required and applicable (DAST, SAST, vulnerability management).
    • Investigate and design remediation strategies for widespread and/or complex cases of vulnerabilities and drive the process of remediation
    • Provide Procore's Engineering team with technical security advice to demonstrate vulnerabilities, collaborate with all teams to provide secure development guidance
    • Triage vulnerabilities that are found internally or reported through our bug bounty program; serve as an escalation point of contact
    • Participate in incident response
    • Participate in design review of security-related services and functionality of web applications, mobile applications, and desktop applications
  • We Require

    • 4+ years of combined experience in Security, Software Engineering, and DevOps, with coding experience in an object-oriented language in a SaaS multi-tenant environment
    • Solid experience in scripting languages which would allow you to automate your work
    • Ability in leading small initiatives with the ability to course-correct as needed
    • Ability in conducting threat assessments and creating remediation plans based on the results of threat assessments
    • Experience with the following technologies: AWS, networks and network security, Infrastructure/cloud automation (e.g. CloudFormation, Terraform), Containers (e.g. Docker, Kubernetes, Helm, Spinnaker), Continuous Integration (e.g. Circle CI), Security Tools (e.g. Burp Suite)

    Would be a big plus:

    • Experience with penetration testing, threat modeling, open-source, and commercial security tools
    • Experience in conducting threat modeling, penetration testing and reverse engineering, vulnerability management, and security metrics
    • Experience in development of Ruby on Rails applications
    • Technical Certifications are a plus (GIAC, OCSP, CISSP, OSCP)
    • BS degree in Computer Science or equivalent practical experience, MS in Computer Science

You may be interested

Senior Ruby Engineer

🇺🇦Kyiv, Ukraine

Senior DevOps Engineer

🇺🇦Kyiv, Ukraine

Senior Windows System Administrator

🇺🇦Kyiv, Ukraine

Looks like talking about your friend?

Be the one to get us in touch