Senior Security Engineer

What you'll do:

  • Assist in designing, building, and reviewing security-related services and functionality of web applications, mobile applications, and desktop applications
  • Scope and perform security reviews of web applications, mobile applications, desktop applications, and private and public cloud environments
  • Provide engineers with well-researched security advice to demonstrate vulnerabilities and provide secure development guidance
  • Assist in the triage of vulnerabilities that are found internally, privately or publicly disclosed, or reported through our bug bounty program
  • Produce research and collaborate with our peers in the broader cyber-security industry
  • Constantly question existing security practices and routines, and update, replace, or automate them
  • Some example projects:
    • Building a Rails application for securely sharing secrets
    • Architecting, building, integrating, and deploying a secrets management solution for product infrastructure
    • Designing and implementing SDLC within an agile development workflow
    • Internal pentest of web applications and corresponding infrastructure

What we're looking for:

  • 4+ years of experience in Software Engineering, System Administration, or Security Engineering, with at least one of those years in a security-focused role
  • Experience with the following technologies:
    • MVC Web Frameworks (Ruby on Rails, Django, Phoenix)
    • Webservers (Apache, Nginx)
    • Relational Databases (PostgreSQL, MySQL)
    • Cloud Computing (OpenStack, AWS)
  • Knowledge and understanding of security concerns from low-level networking up to JavaScript running in a web browser
  • Thorough knowledge of Linux from a user and operator perspective
  • Offensive mindset and the ability to think of and consider abuse and attack paths as well as the defensive mindset to think of recommendations to prevent them
  • Enthusiastic and quick learning of complex systems and open source software
  • Comfortable working with continuous integration/delivery and agile development teams
  • Able to work collaboratively across diverse engineering teams and products to meet organizational security goals

Bonus Points:

  • Experience with conducting threat assessments, building threat models, and creating remediation plans based on the results of threat assessments
  • OSCP Certification
  • Networking protocol knowledge (e.g., TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols)
  • Experience with the following technologies:
    • HashiCorp Technologies (Consul, Terraform, Vault, Packer)
    • Containers and Container Management (Docker, Kubernetes)
    • In-Memory Caches (Memcache, Redis)
    • Full Text Search (Elasticsearch, Solr)
    • Config Management (Puppet, Ansible, Salt)

About Us
Procore Technologies is building the software that builds the world. We provide cloud-based construction management software that helps clients more efficiently build skyscrapers, hospitals, retail centers, airports, housing complexes and more. At Procore, we have worked hard to create and maintain a culture where you can own your work and are encouraged and given resources to try new ideas. Check us out on Glassdoor to see what others are saying about working at Procore. Our headquarters is located on the bluffs above the Pacific Ocean in Carpinteria, CA, with growing offices worldwide.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Perks & Benefits
You are a person with dreams, goals, and ambitions—both personally and professionally. That's why we believe in providing benefits that not only match our Procore values (Openness, Optimism, and Ownership) but enhance the lives of our team members. Here are just a few of our benefit offerings: competitive health care plans, unlimited paid vacation, stock options, employee enrichment and development programs, and friends & family events.
