Procore Technologies
Security Engineer 2
Full details on LinkedIn: the complete job description, requirements, and application details are available on the original posting.
About Procore Technologies
Procore Technologies, Inc. is a cloud-based construction management software platform founded in 2002 and headquartered in Carpinteria, California. The platform connects various stakeholders in the construction industry, including owners, contractors, architects, and engineers, to facilitate real-time collaboration and streamline workflows throughout the project lifecycle. Procore has evolved significantly since its inception, expanding its offerings to include 13 distinct products that address project management, finance, quality and safety, and design coordination, among other areas. With a presence in over 150 countries, Procore has supported more than 3 million projects, helping construction firms modernize their operations and improve efficiency. The platform integrates with over 180 third-party applications, enhancing its capabilities and allowing users to manage resources and productivity effectively. Procore aims to address industry challenges such as labor shortages and mental health, ultimately promoting better business practices and profitability in the construction sector.
Security at Procore Technologies
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Procore's stated AppSec mission includes scanning all applications for vulnerabilities and patching them, backed by an ongoing security training program for their teams. Developer enablement means embedding security into the development lifecycle and influencing engineering leadership to drive the cultural change needed to shift security left.
- The company's risk philosophy pairs that scan-and-patch posture with compliance against major IT security management standards, including ISO 27001:2013. Postings cite the 2013 revision; ISO/IEC 27001:2022 has since superseded it, so confirm which edition the current certificate covers.
- Stated pain points or goals include designing the long-term application security strategy and roadmap, and designing and building automated pipelines for authoritative asset inventory and Software Bill of Materials (SBOM) generation.
- A notable gap: no public, verbatim statements were found describing a dedicated AppSec "Security Champions" program structure or any named internal program details.
Security Team
AppSec roles at Procore report into Security Engineering leadership, with one position specifically reporting to the Senior Director, Security Engineering. Key public-facing leaders include Kevin Walker, Chief Security Officer, and Ross Graber, Senior Director of Security Engineering. At the time this profile was compiled, there were 2 active AppSec job postings. Common skill and tool patterns in those postings include experience writing custom security tooling or rules engines (which the postings do not name, but which reads as CodeQL custom rules), Software Bill of Materials (SBOM) generation, containerized (Kubernetes, EKS) and IaC (Terraform) workflows, corporate (Okta) identity environments, and automation in Python, Go, or a similar language. No team size estimate, public headcount, or definitive org chart for the AppSec team is publicly available.
Key Initiatives
No evidence of a Security Champions program was found in public sources. Procore's "Shift Left" practices consist of embedding security into the development lifecycle and influencing engineering leadership to drive the cultural change behind it. Their vulnerability management process covers scanning all applications for vulnerabilities and patching them, operating and triaging alerts from security tools and platforms to drive remediation, and engaging third parties for penetration and vulnerability testing. Secure SDLC artifacts center on automated pipelines for an authoritative asset inventory and SBOM generation, alongside a long-term application security strategy and roadmap. No AppSec-specific program rollouts or named tool migrations in the last 6 months were found in public sources, and public listings and security trust pages publish no formal SLAs, remediation MTTRs, or Security Champions program details.