Security Engineer II

We're looking for a Security Engineer II to join Procore's Security Engineering team. In this role, you'll be a key contributor, focused on building, implementing, and operating the foundational security controls that protect our platform, data, and users. Your primary goal is to help build and maintain a secure, scalable, and resilient cloud product and infrastructure.

As a Security Engineer II, you'll work with Engineering, IT, Security Operations, and GRC to apply security principles to our systems. Use your experience in cloud security, automation, and core security principles to implement and operate automated security controls across our SaaS ecosystem. This is a fantastic opportunity to grow your skills and make a real impact on protecting the data of millions of users-Apply today.

This position reports into the Senior Director, Security Engineering and will be based in our Austin, TX office. We're looking for someone to join us immediately.

What you'll do:

• Configure and support IAM guardrails for cloud (AWS/GCP/Azure) and corporate (Okta) environments.

• Implement and support automated pipelines for asset inventory and Software Bill of Materials (SBOM) generation.

• Support the implementation of data protection tools and processes, including key management and encryption.

• Implement secure configurations for our containerized (Kubernetes, EKS) and IaC (Terraform) workflows under the guidance of senior engineers.

• Collaborate with Product & Technology teams to test and document resilience patterns.

• Assist GRC and Internal Audit teams by gathering data and providing context on security controls.

• Operate and triage alerts from security tools and platforms, and help drive remediation.

• Participate in the evaluation of new security technologies and tools.

• Provide on-call support on a rotational basis.

What we're looking for:

• Bachelor's degree in Computer Science or equivalent practical experience.

• 2+ years of experience in a hands-on technical security or IT/ops role with a security focus.

• Solid understanding of core security domains such as IAM, network security, and infrastructure security.

• Hands-on experience with at least one major cloud provider (AWS preferred).

• Hands-on experience identifying and exploiting common web/API vulnerabilities (e.g., Burp Suite usage) and secure API design.

• Proficiency in scripting to automate simple security tasks or checks.

• Familiarity with identity and access management platforms platforms (IdP, IGA, PAM), joiner-mover-leaver (JML) mechanisms, and concepts (SAML, OAuth 2.0, OIDC, SCIM).

• Experience with, or a strong desire to learn, IaC (Terraform) and container orchestration (Kubernetes).

• Understanding of data protection principles, including encryption and key management.

• A passion for automation and experience with scripting languages (Python, Go, or similar).

• Good communication skills and a collaborative, team-oriented attitude.

Base Pay Range:

This role may also eligible for Equity Compensation. Procore is committed to offering competitive, fair, and commensurate compensation, and has provided an estimated pay range for this role. Actual compensation will be based on a candidate's job-related skills, experience, education or training, and location.

This position requires access to technology, software, and data that is controlled or restricted under U.S. law, regulation, executive order, or government contract.

Procore will consider for employment all qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable federal, state, and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act.

A criminal history may have a direct, adverse, and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment: 1. appropriately managing, accessing, and handling confidential information including proprietary and trade secret information, as well as accessing Procore's information technology systems and platforms; 2. interacting with and occasionally having unsupervised contact with internal/external customers, stakeholders, and/or colleagues; and 3. exercising sound judgment.