Application Security Engineer
Procore is seeking an Application Security Engineer to join our team in Carpinteria, CA. The Application Security Engineer will design, analyze, evaluate, test, debug and implement applications, programs, or systems in support of company initiatives on various platforms. He/she will also define system security requirements through collaboration with customers and/or business units, and/or prepare studies and analyze existing systems. They will also identify, analyze and resolve complex systems deficiencies as well as develop and recommend corrective actions. Lastly, this role will be responsible for providing expert and specialist level knowledge to ensure the reliability, security, and performance of mission-critical systems within Procore.
What you'll do:
- Scope and perform application security reviews of web applications, APIs, and architecture.
- Provide engineers with well-researched security advice to demonstrate vulnerabilities and provide secure development guidance.
- Assist in the triage of vulnerabilities that are found internally, privately or publicly disclosed, or reported through our bug bounty program.
- Produce research and collaborate with our peers in the broader cyber-security industry.
- Constantly question existing security practices and routines, and update, replace, or automate them.
- Write and promote secure development practices for software and IT engineers.
What we're looking for:
- Bachelor’s degree in Computer Science or MIS or comparable experience.
- Certified Security Professional (CISSP, GIAC or other certifications)
- AWS and/or Network Security Certifications a plus
- Application Security tools like Burp, OWASP ZAP, brakeman, and other DAST and SAST tools.
- Linux, and especially technologies like LXC, Docker, seccomp, grsecurity, etc.
- A functional understanding of Amazon Web Services - VPC, IAM, KMS, EC2, S3, EBS, ELB, etc., or similar primitives is not required, but will certainly help.
- Security features in container and container orchestration technologies (LXC, Docker, Kubernetes)
- Modern web technologies - Ember.js, Angular, React+Redux, GraphQL, Socket.io/Websockets
- Experience with building security automation is a big plus
- Experience with black box, grey box, and white box security testing of applications.
- Experience with performing threat modeling and manual secure code review.
- Strong working knowledge of web application development and architecture, HTTP, and TLS.
- Offensive mindset and the ability to think of and consider abuse and attack paths as well as the defensive mindset to think of recommendations to prevent them.
- Enthusiastic and quick learning of complex systems and poorly-documented open source software.
- Comfortable working with continuous integration/delivery and agile development teams.
- Able to work collaboratively across diverse engineering teams and products to meet organizational security goals.
- Experience with various performance engineering tools, methodologies and frameworks (predictive modeling, capacity planning, performance analysis and stress testing, and benchmarking)
- Expertise in process automation, building and care of Enterprise class servers and in storage technologies and converged network products
- Capable of resolving complex software and hardware problems
- Advanced skill level with mastery of most operating system commands/utilities, CIFS, DHCP, DNS, A/D and TCP/IP
- Experience with designing and implementing Group Policy Objects
- Knowledge of and experience implementing security policies in various data center environments
- Must be able to lift over 40 lbs.
- Read a 14” monitor screen at resolutions of 1024 x 768.
- Requires travel as needed to support other locations and disaster recovery testing.
Procore Technologies is building the software that builds the world. We provide cloud-based construction management software that helps clients more efficiently build skyscrapers, hospitals, retail centers, airports, housing complexes and more. At Procore, we have worked hard to create and maintain a culture where you can own your work and are encouraged and given resources to try new ideas. Check us out on Glassdoor to see what others are saying about working at Procore. Our headquarters is located on the bluffs above the Pacific Ocean in Carpinteria, CA, with growing offices worldwide.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Perks & Benefits
You are a person with dreams, goals, and ambitions—both personally and professionally. That's why we believe in providing benefits that not only match our Procore values (Openness, Optimism, and Ownership) but enhance the lives of our team members. Here are just a few of our benefit offerings: competitive health care plans, unlimited paid vacation, stock options, employee enrichment and development programs, and friends & family events.