Application Security Engineer

Carpinteria

Procore is seeking an Application Security Engineer to join our team in Carpinteria, CA. The Application Security Engineer will design, analyze, evaluate, test, debug and implement applications, programs, or systems in support of company initiatives on various platforms. He/she will also define system security requirements through collaboration with customers and/or business units and/or prepare studies and analyze existing systems. They will also identify, analyze and resolve complex systems deficiencies as well as develop and recommend corrective actions. Lastly, this role will be responsible for applying expert and specialist-level knowledge to ensure the reliability, security, and performance of mission-critical systems within Procore.

Duties and Responsibilities:

  • Scope and perform application security reviews of web applications, APIs, and architecture.
  • Provide engineers with well-researched security advice to demonstrate vulnerabilities and provide secure development guidance.
  • Assist in the triage of vulnerabilities that are found internally, privately or publicly disclosed, or reported through our bug bounty program.
  • Produce research and collaborate with our peers in the broader cyber-security industry.
  • Constantly question existing security practices and routines, and update, replace, or automate them.
  • Write and promote secure development practices for software and IT engineers.

Required Skills/Experience

  • Bachelor’s degree in Computer Science or MIS or comparable experience.
  • Certified Security Professional (CISSP, GIAC or other certifications)
  • AWS and/or Network Security Certifications a plus
  • Application Security tools like Burp, OWASP ZAP, Brakeman, and other DAST and SAST tools.
  • Linux, and especially technologies like LXC, Docker, seccomp, grsecurity, etc.
  • A functional understanding of Amazon Web Services - VPC, IAM, KMS, EC2, S3, EBS, ELB, etc., or similar primitives is not required, but will certainly help.
  • Security features in container and container orchestration technologies (LXC, Docker, Kubernetes)
  • Languages - one or more of: Ruby, Python, Java, Go, Shell, JavaScript both for performing code reviews and creating your own scripts and tooling (fuzzers, scanners, etc.).
  • Modern web technologies - Ember.js, Angular, React+Redux, GraphQL, Socket.io/Websockets
  • Experience with building security automation is a big plus
  • Experience with black box, grey box, and white box security testing of applications.
  • Experience with performing threat modeling and manual secure code review.
  • Strong working knowledge of web application development and architecture, HTTP, and TLS.
  • Offensive mindset and the ability to think of and consider abuse and attack paths as well as the defensive mindset to think of recommendations to prevent them.
  • Enthusiastic and quick learning of complex systems and poorly-documented open source software.
  • Comfortable working with continuous integration/delivery and agile development teams.
  • Able to work collaboratively across diverse engineering teams and products to meet organizational security goals.
  • Experience with various performance engineering tools, methodologies and frameworks (predictive modeling, capacity planning, performance analysis and stress testing, and benchmarking)
  • Expertise in process automation, building and care of enterprise-class servers, and in storage technologies and converged network products
  • Capable of resolving complex software and hardware problems
  • Advanced skill level with mastery of most operating systems commands/utilities, CIFS, DHCP, DNS, A/D and TCP/IP
  • Experience with designing and implementing Group Policy Objects
  • Knowledge of and experience implementing security policies in various data center environments

Physical Requirements

  • Must be able to lift over 40 lbs.
  • Read a 14” monitor screen at resolutions of 1024 x 768.
  • Requires travel as needed to support other locations and disaster recovery testing.
 

About Us

Procore Technologies is building the software that builds the world. We provide cloud-based construction management software that helps clients more efficiently build skyscrapers, hospitals, retail centers, airports, housing complexes and more. At Procore, we have worked hard to create and maintain a culture where you can own your work and are encouraged and given resources to try new ideas. Check us out on Glassdoor to see what others are saying about working at Procore. Our headquarters is located on the bluffs above the Pacific Ocean in Carpinteria, CA, with growing offices worldwide.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Perks & Benefits

You are a person with dreams, goals, and ambitions—both personally and professionally. That's why we believe in providing benefits that not only match our Procore values (Openness, Optimism, and Ownership) but enhance the lives of our team members. Here are just a few of our benefit offerings: competitive health care plans, unlimited paid vacation, stock options, employee enrichment and development programs, and friends & family events.

Technology we use

  • Engineering
    • .NET (Languages)
    • JavaScript (Languages)
    • Ruby (Languages)
    • Ruby on Rails (Frameworks)

Location

6305 Carpinteria Ave, Carpinteria, CA 93013

Perks of working here

401(K) Matching
401(K)
Beer on Tap
Casual Dress
Company Equity
Company Outings
Conferences & Training
Dental
Game Room
Happy Hours
Health Benefits
Onsite Gym
Pet Friendly
Some Meals Provided
Stocked Kitchen
Unlimited PTO
Vision
Volunteering Opportunities