Job Description

What if you could use your technology skills to develop a product that impacts the way communities’ hospitals, homes, sports stadiums, and schools across the world are built? Construction impacts the lives of nearly everyone in the world, and yet it’s also one of the world’s least digitized industries, not to mention one of the most dangerous. That’s why we’re looking for a talented Manager, Application Security to join Procore’s journey to revolutionize a historically underserved industry.

As a Manager, Application Security you will help translate Security Architecture’s vision into a well defined, measured and enforced program ensuring optimized delivery and strategic alignment. This role will be responsible for building security into Procore’s core application, a Multi-Tenant SaaS Application. You’ll work with Application Security engineers to evangelize shift-left security, engaging early and often with the R&D Engineering teams. You will bring your technical background, deep knowledge of threat modeling, and experience building application security programs to help take Procore to the next level. 

A self-starter attitude, excellent communication, collaboration skills and dedication to innovative technologies are critical to this role.

What you’ll do:

• Optimize tactics used to implement strategy within the AppSec/Red Team translating security objectives into engineering ready projects
• Partner closely with Architecture and GRC to ensure delivery is aligned with policies, standards and roadmaps
• Develop close relationships with the engineering teams developing the Procore platform
• Oversee the engineers performing penetration tests of applications prior to go-live or M&A
• Lead regular offensive security initiatives
• Lead Agile stand-ups and backlog grooming sessions to write EPIC, Tasks and Stories that meet business objectives and clearly demonstrable results.
• Partner closely with Tech Leads to align on implementation strategies
• Define, measure and enforce application security policies, standards, and best practices.
• Drive process development for Secure Coding Practices, Conduct Security Reviews and drive down security related technical debt in the platform and applications.
• Develop Software Security Assurance Practice within P&T Engineering teams
• Represent Procore in industry security meetings, act as security SME and advisor to customers looking to adopt Procore’s leading apps.
• Speak to customers about Procore’s security program when necessary
• Foster a security first culture by partnering with dev teams and platform engineers to balance key performance and security.
• Perform regular reviews and approval of Platform Code, and Application Code for security, and cloud best practices. 
• Select, implement and fully operationalize the process and technology needed for a successful Application Security program

What we’re looking for:

• BA/BS degree in Computer Science OR equivalent practical experience
• Experience working in Platform Engineering, Application Security, or Building SaaS Applications or Application Security Architecture
• At least 5 years of Security focus and leading secure design security reviews in large engineering organizations
• Experience in Threat Modeling using STRIDE, PASTA or similar
• Experience in leading Security Engineering Teams in a Platform / SaaS Application Development Organization
• Minimum 1 year of experience with active compliant environments, eg PCI-DSS, HITRUST, FEDRAMP, ISO 27001 or similar regulated industries.
• AWS or other Cloud Certifications
• Knowledge of risk assessment tools, technologies, and methods
• At least 3 years building platforms, applications, and services on cloud infrastructure.
• Sound knowledge of application design, recommending and fixing security issues in the code with specific focus on OWASP guidelines.
• Experience with SAST, DAST, IAST tools
• Experience with Ethical hacking and proof of concept exploitation and a deep understanding of security principles including encryption, authentication, etc.

Preferred Qualifications:

• Designing secure networks, systems, and application architecture
• Basic encryption theory and key management (PKI)
• Host or Network Based Intrusion Detection Tools (HIDS/NIDS)
• Software Architecture
• Relevant security qualifications
• Knowledge of Edge and Device Security with prior expertise in Blue and Red Teams a plus

Additional Information

If you'd like to stay in touch and be the first to hear about new roles at Procore, join our Talent Community.

About Us

Procore Technologies is building the software that builds the world. We provide cloud-based construction management software that helps clients more efficiently build skyscrapers, hospitals, retail centers, airports, housing complexes, and more. At Procore, we have worked hard to create and maintain a culture where you can own your work and are encouraged and given resources to try new ideas. Check us out on Glassdoor to see what others are saying about working at Procore. 

We are an equal opportunity employer and welcome builders of all backgrounds. We thrive in a diverse, dynamic, and inclusive environment. We do not tolerate discrimination against employees on the basis of age, color, disability, gender, gender identity or expression, marital status, national origin, political affiliation, race, religion, sexual orientation, veteran status, or any other classification protected by law.

Perks & Benefits

You are a person with dreams, goals, and ambitions—both personally and professionally. That's why we believe in providing benefits that not only match our Procore values (Openness, Optimism, and Ownership) but enhance the lives of our team members. Here are just a few of our benefit offerings: generous paid vacation, employee stock purchase plan, enrichment and development programs, and friends and family events.