Job Description

As a Manager, SecDevOps you will help translate Security Architecture’s vision into a well defined, measured and enforced program ensuring optimized delivery and strategic alignment between GRC, DevSecOps and Appsec. This role will bring together building security into Procore’s Cloud Platform and Multi-Tenant SaaS Application and will be influencing the design and implementation of cyber security standards and controls on Procore’s cloud platform, defining secure development practices, identifying threats and risks and leading secure by design efforts. You will be acting as an SME for our cloud environment and helping design solutions and practices for hard to solve security problems. You will be driving adoption of Policy as Code, Adherence to Software Security Metrics, Leading Vulnerability Management all informed by GRC and Architecture requirements. 

A self-starter attitude, excellent communication, collaboration skills and dedication to innovative technologies are critical to this role.

Responsibilities

• Optimize strategy across the SecOps Blue team
• Work closely with engineers to write EPIC, Tasks and Stories to meet business objectives and clearly demonstrable results.
• Security Product Owner and Solutions Manager
• Operating in Agile or Kanban work methodologies
• Define, measure and enforce cloud security policies, standards, and best practices.
• Drive process development for Secure Coding Practices, Conduct Security Reviews and drive down security related technical debt in the platform and applications.
• Mentor engineering and operations staff on unique cloud-based security controls, Secure Coding Practices (to include extensive documentation and training on the ‘why’)
• Develop Software Security Assurance Practice within P&T Engineering & Cloud Platform Engineering
• Represent Procore in industry security meetings, act as security SME and advisor to customers looking to adopt Procore’s leading apps.
• Speak to customers about Procore’s security program when necessary
• Translate security objectives into engineering ready projects
• Foster a security first culture by partnering with dev teams and platform engineers to balance key performance and security.
• Create, Contribute to and Represent SecOps ADR’s
• Perform regular reviews and approval of cloud infrastructure Code, Platform Code, and Application Code for security, and cloud best practices. 
• Drive the adoption of Authentication and Authorization reference architectures for secure management of cloud infrastructure. 
• Educate peers on applying the latest cloud native security technologies when developing new services, systems, and applications.
• Contribute to a secure/compliant cloud-native service catalog.
• Collaborate with engineering and operations teams to implement and automate security controls and processes cloud-native security monitoring, tooling, and reporting.

Qualifications

• BA/BS degree in Computer Science OR equivalent practical experience
• Experience working in Platform Engineering, DevOps, DevSecOps or Building SaaS Applications or Architecture
• At least 5 years of Security focus and leading secure design security reviews in large engineering organizations
• Experience in leading Security Engineering Teams in a Platform / SaaS Application Development Organization
• Minimum 1 year of experience with active compliant environments, eg PCI-DSS, HITRUST, FEDRAMP, ISO 27001 or similar regulated industries.
• AWS or other Cloud Certifications
• Knowledge of risk assessment tools, technologies, and methods
• At least 3 years building platform, applications, and services on cloud infrastructure.
• Sound knowledge of AWS, Kubernetes, Containers, Microservices with experience reviewing, recommending and fixing security issues in the code with specific focus on OWASP Top Ten.
• Experience with Infrastructure-as-Code products like Terraform and CloudFormation.
• Experience with Policy-as-code solutions like Terraform Sentinel and Bridgecrew
• Deep understanding of security principles including encryption, authentication, etc.
• Thorough understanding of networking protocols such as TCP/UDP, SSL/TLS, IPSec, etc.
• Product Ownership for full lifecycle management

 Preferred Qualifications:

• Designing secure networks, systems, and application architecture
• Basic encryption theory and key management (PKI)
• Host or Network Based Intrusion Detection Tools (HIDS/NIDS)
• Compliance Automation
• Relevant security qualifications
• Knowledge of Edge and Device Security
• Prior expertise in Blue and Red Teams a plus
• Knowledge in creating and advancing GRC teams

Additional Information

If you'd like to stay in touch and be the first to hear about new roles at Procore, join our Talent Community.

About Us

Procore Technologies is building the software that builds the world. We provide cloud-based construction management software that helps clients more efficiently build skyscrapers, hospitals, retail centers, airports, housing complexes, and more. At Procore, we have worked hard to create and maintain a culture where you can own your work and are encouraged and given resources to try new ideas. Check us out on Glassdoor to see what others are saying about working at Procore. 

We are an equal opportunity employer and welcome builders of all backgrounds. We thrive in a diverse, dynamic, and inclusive environment. We do not tolerate discrimination against employees on the basis of age, color, disability, gender, gender identity or expression, marital status, national origin, political affiliation, race, religion, sexual orientation, veteran status, or any other classification protected by law.

Perks & Benefits

You are a person with dreams, goals, and ambitions—both personally and professionally. That's why we believe in providing benefits that not only match our Procore values (Openness, Optimism, and Ownership) but enhance the lives of our team members. Here are just a few of our benefit offerings: generous paid vacation, employee stock purchase plan, enrichment and development programs, and friends and family events.