Staff Security Engineer
Job Description
We’re looking for a Staff Security Engineer to join Procore’s Security Engineering team as a foundational technical leader. In this role, you won’t just be implementing security controls, you will be designing the next generation of autonomous defense. Your mission is to move Procore beyond static automation toward a self-governing, agentic security posture. You will design the high-level frameworks and orchestration layers that allow a fleet of security agents to protect our platform, data, and users with minimal human intervention.
As a Staff Security Engineer, you are a force multiplier. You will partner with Product & Technology, IT, Security Operations, and GRC to execute the long-term strategy for agentic security engineering. You will use your deep expertise in distributed systems and LLM orchestration to build robust, scalable agentic workflows that solve entire classes of security vulnerabilities permanently. This is a high-impact leadership opportunity to define the future of security engineering for a global SaaS leader - Apply today.
What you’ll do:
At Procore, AI isn’t a specialized tool, it's a core competency. We expect every team member to be AI-literate, leveraging generative tools and agentic workflows to move faster and work smarter. You won’t just use AI; you’ll be building the agentic future of construction.
- Architect the Agentic Fabric: Design and implement the multi-agent orchestration layer (using LangGraph, Semantic Kernel, or custom MAS frameworks) that coordinates autonomous security tasks across the enterprise.
- Define Agentic Identity & Governance: Solve the complex challenge of Agent Identity—designing how autonomous agents authenticate (IAM/OIDC), manage secrets, and operate within least-privilege guardrails.
- Autonomous Vulnerability Eradication: Lead the strategy for self-healing systems, building agents that don't just find bugs, but autonomously architect, test, and deploy platform-wide refactors to eliminate vulnerability classes.
- Secure the AI Infrastructure: Architect the enterprise-wide paved path for secure agent deployment, including high-assurance sandboxing, real-time prompt-injection firewalls, and RAG data-leakage prevention.
- Drive the Agentic Roadmap: Design the multi-year technical strategy for shifting Procore from manual security engineering to a human-in-the-loop autonomous model.
- Lead Complex Evaluations: Spearhead the evaluation of emerging agentic security platforms and LLM-native security tools, moving them from proof-of-concept to production at scale.
- Advanced Threat Modeling: Build agents capable of performing dynamic, recursive threat modeling of microservices and complex cloud architectures.
- Strategic Mentorship: Scale agentic thinking across the entire Security and Engineering organization, setting the standard for how Procore builds and secures autonomous systems.
- Incident Response Orchestration: Build the autonomous control orchestrator agents capable of performing initial triage, containment, and evidence preservation during high-stakes security events.
What we’re looking for:
- Development: 6+ years of experience in hands-on technical security, with a proven track record of shipping complex, distributed software in Python or Go at a Staff level.
- Agentic Orchestration Mastery: Deep, production-level experience with agent frameworks (LangGraph, CrewAI, AutoGPT). You understand the architecture of stateful, multi-turn agentic loops and autonomous tool-calling.
- LLM Security Pioneer: Authoritative knowledge of AI security risks (OWASP LLM Top 10) and experience building defensive layers like Semantic Firewalls, LLM Guardrails, and EWS (Early Warning Systems) for agents.
- Distributed Systems Expertise: Deep understanding of cloud-native architecture (AWS/K8s) specifically as it relates to providing secure, scalable execution environments for autonomous processes.
- Agentic Identity & Access: Proven experience building or extending IAM/IGA systems to handle non-human, autonomous entities (service mesh, workload identity, agent-specific tokens).
- Strategic Influence: The ability to influence engineering leadership and drive the cultural shift from "scanning for bugs" to "building autonomous fixers."
- Agentic SDLC Vision: Experience embedding AI agents into the CI/CD pipeline to automate complex reasoning tasks, moving beyond simple static/dynamic analysis.
- Analytical Rigor: A systems-thinking approach to security, with the ability to treat prompt engineering as a rigorous logic and control-flow discipline.
- Communication: Exceptional ability to translate the abstract world of agentic security into concrete, actionable roadmaps for both executives and junior eng