Job Ad
Security Engineer 2
We're looking for a
Security Engineer 2, Security Engineering to join
Procore'sCybersecurity department. In this role, you'll be responsible for ensuring Procore's security infrastructure is maintained at the highest level of protection and efficiency. As a Security Engineer, you'll be a key member of the Governance, Risk & Compliance department within our Security Team. You'll partner with various teams across Procore, including GRC, IT, Security, Infrastructure, Product Engineering and Security Engineering teams to develop, automate and maintain compliance with existing control standards, as well as pursue new ones.
This is a chance to make a significant impact in a company that values the safety and integrity of its data - Join us to be a part of our security-forward culture.
This position will report into the
Senior Manager, GRC Security Engineering and has the opportunity to be based in our
Bangalore office (Hybrid) in India. We're looking for someone to join us immediately.
What you'll do / Key responsibilities:
- Collaborate with GRC and Security Engineering teams to design, implement and maintain security automation solutions.
- Develop and automate evidence collection, Identity & Access Reviews & Change management validations
- Work closely with GRC and Security Engineering teams through day-to-day operations
- Integrate secure coding standards into SDLC & manage Github Advance Security features including Secret scanning, push protection etc
- Integrate applications and cloud security practices with compliance requirements such as ISO 27001 and SOC 2 to support product audit readiness and regulatory obligations.
- Configure & implement vulnerability exception handling and act as a security partner embedded in the SDLC
- Stay current on evolving regulations, threats, and best practices in information security and compliance
- Be a part of promoting a culture of security awareness within the company
What we're looking for / Qualification:
- Bachelor's degree in computer science, Information Systems or equivalent experience
- 3-5 years of total experience including 2+ years of minimum experience in Security engineering with hands-on experience in writing scalable, maintainable, and efficient code in Python for automation and integration.
- Excellent communication skills, Detail-oriented, proactive, and a strong team player
- Strong knowledge of cybersecurity principles, cloud architecture, networking, and security best practices.
- Experience with cloud technologies like AWS & GRC tools such as Drata, Lumos and Veza is preferred.
- Familiarity with CI/CD pipelines and DevOps practices. Terraform experience for infrastructure automation is a plus.
- Familiarity with compliance standards such as ISO 27001, SOC1/2, NIST CSF, NIS2, Cyber Essentials etc.
- CEH & CompTIA Security+ certification is a plus
Preferred Skills:
Python, AWS, Terraform, CI/CD pipelines, Experience with containerization technologies (e.g., Docker, Kubernetes),SAST/DAST tools 
