Staff Security Engineer

Staff Security Engineer

Were looking for a Staff Security Engineer to join Procores Security Engineering team as a foundational technical leader. In this role, you wont just be implementing security controls, you will be designing the next generation of autonomous defense. Your mission is to move Procore beyond static automation toward a self-governing, agentic security posture. You will design the high-level frameworks and orchestration layers that allow a fleet of security agents to protect our platform, data, and users with minimal human intervention

.
As a Staff Security Engineer, you are a force multiplier. You will partner with Product & Technology, IT, Security Operations, and GRC to execute the long-term strategy for agentic security engineering. You will use your deep expertise in distributed systems and LLM orchestration to build robust, scalable agentic workflows that solve entire classes of security vulnerabilities permanently. This is a high-impact leadership opportunity to define the future of security engineering for a global SaaS leader - Apply toda

y.
What youll

do:
At Procore, AI isnt a specialized tool, it's a core competency. We expect every team member to be AI-literate, leveraging generative tools and agentic workflows to move faster and work smarter. You wont just use AI; youll be building the agentic future of construct

• ion.
  Architect the Agentic Fabric: Design and implement the multi-agent orchestration layer (using LangGraph, Semantic Kernel, or custom MAS frameworks) that coordinates autonomous security tasks across the enterp
• rise.Define Agentic Identity & Governance: Solve the complex challenge of Agent Identitydesigning how autonomous agents authenticate (IAM/OIDC), manage secrets, and operate within least-privilege guardr
• ails.Autonomous Vulnerability Eradication: Lead the strategy for self-healing systems, building agents that don't just find bugs, but autonomously architect, test, and deploy platform-wide refactors to eliminate vulnerability cla
• sses.Secure the AI Infrastructure: Architect the enterprise-wide paved path for secure agent deployment, including high-assurance sandboxing, real-time prompt-injection firewalls, and RAG data-leakage preven
• tion.Drive the Agentic Roadmap: Design the multi-year technical strategy for shifting Procore from manual security engineering to a human-in-the-loop autonomous m
• odel.Lead Complex Evaluations: Spearhead the evaluation of emerging agentic security platforms and LLM-native security tools, moving them from proof-of-concept to production at s
• cale.Advanced Threat Modeling: Build agents capable of performing dynamic, recursive threat modeling of microservices and complex cloud architect
• ures.Strategic Mentorship: Scale agentic thinking across the entire Security and Engineering organization, setting the standard for how Procore builds and secures autonomous systems. Incident Response Orchestration: Build the autonomous control orchestrator agents capable of performing initial triage, containment, and evidence preservation during high-stakes security ev

ents.
What were lookin

• g for:
  Development: 6+ years of experience in hands-on technical security, with a proven track record of shipping complex, distributed software in Python or Go at a Staff
• level.Agentic Orchestration Mastery: Deep, production-level experience with agent frameworks (LangGraph, CrewAI, AutoGPT). You understand the architecture of stateful, multi-turn agentic loops and autonomous tool-c
• alling.LLM Security Pioneer: Authoritative knowledge of AI security risks (OWASP LLM Top 10) and experience building defensive layers like Semantic Firewalls, LLM Guardrails, and EWS (Early Warning Systems) for
• agents.Distributed Systems Expertise: Deep understanding of cloud-native architecture (AWS/K8s) specifically as it relates to providing secure, scalable execution environments for autonomous pro
• cesses.Agentic Identity & Access: Proven experience building or extending IAM/IGA systems to handle non-human, autonomous entities (service mesh, workload identity, agent-specific t
• okens).Strategic Influence: The ability to influence engineering leadership and drive the cultural shift from "scanning for bugs" to "building autonomous f
• ixers."Agentic SDLC Vision: Experience embedding AI agents into the CI/CD pipeline to automate complex reasoning tasks, moving beyond simple static/dynamic an
• alysis.Analytical Rigor: A systems-thinking approach to security, with the ability to treat prompt engineering as a rigorous logic and control-flow discipline. Communication: Exceptional ability to translate the abstract world of agentic security into concrete, actionable roadmaps for both executives and junior eng