Job Ad
We're looking for a Security Architect to join Procore's Security team. In this role, you'll design and drive the security architecture strategy across Procore's cloud-native construction management platform, a platform trusted by hundreds of thousands of projects worldwide to manage critical financial transactions, sensitive project data, and workforce information across general contractors, specialty contractors, and owners. The primary goal of this role is to embed security-by-design principles into every layer of our technology stack, including emerging AI capabilities, while enabling Procore to innovate rapidly in an industry undergoing massive digital transformation.
As a Security Architect, you'll partner with Product Engineering, Cloud Infrastructure, Data & AI, and Governance, Risk & Compliance teams to evaluate designs, develop reference architectures, and guide threat modeling across Procore's platform. Use your expertise in cloud security architecture, AI security governance, and risk-based design thinking to reduce Procore's attack surface, shape security controls for AI-powered product capabilities, and strengthen our overall security posture. Construction technology is at an inflection point: AI, IoT-connected jobsites, and fintech integrations are redefining what's possible, and you'll architect the security foundations that make it all trustworthy. Apply today.
This position reports to the Sr. Director of Security Strategy and Operations, and will be based in our Bangalore, India office. We're looking for someone to join us immediately.
What You'll Do
- Design and maintain enterprise security reference architectures for Procore's cloud-native, multi-tenant SaaS platform on AWS, covering microservices, APIs, data pipelines, identity flows, and AI/ML workloads.
- Lead threat modeling and security design reviews for new products, features, and infrastructure changes, with particular focus on construction-specific domains such as financial workflows (payments, lien waivers, insurance), project collaboration, and AI-driven analytics that process sensitive contractor and owner data.
- Architect security controls for AI and machine learning systems across the product portfolio, including model input validation, data lineage, adversarial threat mitigation, bias monitoring, and human oversight mechanisms consistent with responsible AI principles and ISO/IEC 42001 requirements.
- Define and evolve security architecture standards, patterns, and guardrails aligned with NIST CSF, SOC 2, ISO 27001, UK Cyber Essentials, and emerging AI governance frameworks including ISO/IEC 42001 and NIST AI RMF.
- Evaluate and recommend security technologies, tools, and frameworks that address the evolving threat landscape targeting construction technology platforms, including social engineering, business email compromise, payment fraud, and supply chain attacks across a diverse ecosystem of general contractors, subcontractors, and project owners.
- Partner with leadership to advance strategic security initiatives including IAM modernization, zero-trust architecture adoption, and attack surface management.
- Develop and maintain security architecture documentation, architecture decision records (ADRs), and reusable design patterns that enable engineering teams to self-serve on security decisions without creating bottlenecks.
- Serve as a technical security advisor to cross-functional stakeholders, translating complex security and compliance requirements into clear, actionable guidance for engineering, product, and business teams across global offices.
What We're Looking For
- Bachelor's or Master's degree in Computer Science, Information Security, or a related technical field, or equivalent practical experience.
- 8+ years of experience in information security with at least 4 years focused on security architecture or senior security engineering in a SaaS or cloud-native product environment.
- Deep expertise in cloud security architecture (AWS strongly preferred), including VPC design, IAM policies, encryption strategies, container and Kubernetes security, serverless security patterns, and infrastructure-as-code security.
- Strong understanding of application security principles, secure SDLC practices, API security, and modern authentication and authorization frameworks (OAuth 2.0, SAML, OIDC) with experience designing identity architectures at scale.
- Demonstrated experience with AI/ML security concepts including model security, data governance for training pipelines, prompt injection mitigation, and familiarity with AI governance frameworks such as ISO/IEC 42001 and NIST AI RMF.
- Working knowledge of compliance and risk frameworks such as NIST CSF, SOC 2, ISO 27001, and UK Cyber Essentials, with the ability to translate compliance requirements into practical architectural controls.
- Excellent communication and stakeholder management skills with a demonstrated ability to influence engineering decisions, present to senior leadership, and convey complex technical security concepts to non-technical business stakeholders.
- Industry certifications such as CISSP, CCSP, AWS Security Specialty, SABSA, or TOGAF are strongly preferred; familiarity with construction technology, fintech, or multi-tenant B2B SaaS platforms is a distinct advantage.