Job Ad

Staff Security Engineer

We’re looking for a Staff Security Engineer to join Procore’s Security Engineering team as a foundational technical leader. In this role, you won’t just be implementing security controls, you will be designing the next generation of autonomous defense. Your mission is to move Procore beyond static automation toward a self-governing, agentic security posture. You will design the high-level frameworks and orchestration layers that allow a fleet of security agents to protect our platform, data, and users with minimal human intervention.

As a Staff Security Engineer, you are a force multiplier. You will partner with Product & Technology, IT, Security Operations, and GRC to execute the long-term strategy for agentic security engineering. You will use your deep expertise in distributed systems and LLM orchestration to build robust, scalable agentic workflows that solve entire classes of security vulnerabilities permanently. This is a high-impact leadership opportunity to define the future of security engineering for a global SaaS leader - Apply today.

This position reports into the Senior Manager, Security Engineering and will be based in our Bengaluru office.

What you’ll do:
At Procore, AI isn’t a specialized tool, it's a core competency. We expect every team member to be AI-literate, leveraging generative tools and agentic workflows to move faster and work smarter. You won’t just use AI; you’ll be building the agentic future of construction.

• Architect the Agentic Fabric: Design and implement the multi-agent orchestration layer (using LangGraph, Semantic Kernel, or custom MAS frameworks) that coordinates autonomous security tasks across the enterprise.

  
  
  

• Define Agentic Identity & Governance: Solve the complex challenge of Agent Identity—designing how autonomous agents authenticate (IAM/OIDC), manage secrets, and operate within least-privilege guardrails.

  
  
  

• Autonomous Vulnerability Eradication: Lead the strategy for self-healing systems, building agents that don't just find bugs, but autonomously architect, test, and deploy platform-wide refactors to eliminate vulnerability classes.

  
  
  

• Secure the AI Infrastructure: Architect the enterprise-wide paved path for secure agent deployment, including high-assurance sandboxing, real-time prompt-injection firewalls, and RAG data-leakage prevention.

  
  
  

• Drive the Agentic Roadmap: Design the multi-year technical strategy for shifting Procore from manual security engineering to a human-in-the-loop autonomous model.

  
  
  

• Lead Complex Evaluations: Spearhead the evaluation of emerging agentic security platforms and LLM-native security tools, moving them from proof-of-concept to production at scale.

  
  
  

• Advanced Threat Modeling: Build agents capable of performing dynamic, recursive threat modeling of microservices and complex cloud architectures.

  
  
  

• Strategic Mentorship: Scale agentic thinking across the entire Security and Engineering organization, setting the standard for how Procore builds and secures autonomous systems. Incident Response Orchestration: Build the autonomous control orchestrator agents capable of performing initial triage, containment, and evidence preservation during high-stakes security events.

  
  
  

What we’re looking for:

• Development: 6+ years of experience in hands-on technical security, with a proven track record of shipping complex, distributed software in Python or Go at a Staff level.

• Agentic Orchestration Mastery: Deep, production-level experience with agent frameworks (LangGraph, CrewAI, AutoGPT). You understand the architecture of stateful, multi-turn agentic loops and autonomous tool-calling.

  
  
  

• LLM Security Pioneer: Authoritative knowledge of AI security risks (OWASP LLM Top 10) and experience building defensive layers like Semantic Firewalls, LLM Guardrails, and EWS (Early Warning Systems) for agents.

  
  
  

• Distributed Systems Expertise: Deep understanding of cloud-native architecture (AWS/K8s) specifically as it relates to providing secure, scalable execution environments for autonomous processes.

  
  
  

• Agentic Identity & Access: Proven experience building or extending IAM/IGA systems to handle non-human, autonomous entities (service mesh, workload identity, agent-specific tokens).

  
  
  

• Strategic Influence: The ability to influence engineering leadership and drive the cultural shift from "scanning for bugs" to "building autonomous fixers."

  
  
  

• Agentic SDLC Vision: Experience embedding AI agents into the CI/CD pipeline to automate complex reasoning tasks, moving beyond simple static/dynamic analysis.

  
  
  

• Analytical Rigor: A systems-thinking approach to security, with the ability to treat prompt engineering as a rigorous logic and control-flow discipline. Communication: Exceptional ability to translate the abstract world of agentic security into concrete, actionable roadmaps for both executives and junior engineers.