
Principal Security Engineer
Procore Technologies · Bengaluru, Karnataka, India
- On site
- Full-time
- $150,000 / year
Job highlights
- Lead autonomous security strategy and infrastructure development.
- Architect agent-driven identity governance and access management.
- Build a centralized agentic orchestration layer.
- Engineer self-healing platforms with agent-managed infrastructure.
- Develop autonomous threat modeling and AI security controls.
About the role
We’re looking for a Principal Security Engineer to serve as the technical anchor for Procore’s Security Engineering organization. In this role, you will define the vision for autonomous security sovereignty. You are the strategic lead responsible for building a self-reasoning, self-healing security infrastructure that operates with zero human intervention for entire classes of threats.
As a Principal Engineer, you will sit at the intersection of Security, AI, Data, and Engineering. You will lead the development of high-assurance, agentic security frameworks that protect our platform, data, and users. This is a high-impact leadership opportunity to shape the global security direction of a rapidly growing platform, leveraging the next generation of LLM-native engineering to protect the data of millions of users. Apply today.
This position reports into the Senior Manager, Security Engineering and will be based in the Bengaluru, India office.
What you’ll do:
At Procore, AI isn’t a specialized tool; it’s a core competency. We expect every team member to be AI-literate, leveraging generative tools and agentic workflows to move faster and work smarter. You won’t just use AI; you’ll be building the agentic future of construction.
- Define the Agentic Strategy: Lead the long-term technical roadmap for moving Procore from traditional Security Engineering to an autonomous security fabric, where agents are the primary drivers of control enforcement and remediation.
- Architect Autonomous Identity Governance: Design and implement next-gen IAM guardrails where agents autonomously manage JML (Joiner-Mover-Leaver) processes, service-to-service authentication, and dynamic, least-privilege PAM.
- Build the Security Brain: Design and deploy the centralized agentic orchestration layer—utilizing LangGraph, Semantic Kernel, and CrewAI—to unify asset inventory, SBOM generation, and real-time attack surface management.
- Engineer Self-Healing Platforms: Partner with product engineering to build paved path infrastructure (Kubernetes, Terraform) that is managed by agents capable of autonomously detecting and correcting drift, misconfigurations, and vulnerabilities.
- Lead Autonomous Threat Modeling: Design agentic workflows that perform continuous, recursive threat modeling and automated "purple teaming" across our microservices architecture.
- Establish Agentic Trust Boundaries: Design the security controls for internal and customer-facing AI, specifically focusing on agentic sandboxing, output verification, and cross-agent authentication.
- M&A and Tech Stack Integration: Perform the technical security assessment of third-party platforms and M&A targets, using agentic tools to rapidly ingest, analyze, and secure diverse tech stacks.
- Force Multiplier & Mentor: Act as a technical catalyst, scaling agentic thinking across all of engineering and mentoring Staff and Senior engineers in building production-grade autonomous systems.
- Technical Advisor: Serve as the authoritative voice for the senior leadership on the security of our AI initiatives and the robustness of our autonomous defense posture.
What we’re looking for:
- The Master Builder: 8+ years of experience in a high-level technical security role, with at least 4 years focused on large-scale SaaS. You must be an expert software engineer (Python, Go) who happens to specialize in security.
- Agentic Authority: Deep, verifiable experience building and shipping autonomous agent systems in production environments. You are an expert in LLM orchestration, tool-calling protocols, and multi-agent state management.
- Architectural Mastery: Expert-level knowledge of cloud security (AWS preferred) and container orchestration, specifically in designing the trusted execution environments required for agents to act with high privilege.
- Identity & Logic Expert: Mastery of identity protocols (OIDC, OAuth 2.0) and how they translate to agentic identity—ensuring that when an agent acts, its provenance and authority are cryptographically verifiable.
- AI Security Pioneer: Deep understanding of the LLM Attack Surface, from training data poisoning and prompt injection to RAG-based data leakage, with a track record of building production-grade mitigations.
- Strategic Visionary: Proven ability to align complex agentic initiatives with business growth and product velocity, ensuring security is a business enabler rather than a friction point.
- Data Protection Authority: Deep understanding of encryption-at-rest/in-transit and KMS, and how to apply these in an environment where agents must autonomously handle sensitive data.
- Systems Thinker: Ability to treat Prompt Engineering as a formal logic discipline, ensuring that autonomous reasoning is deterministic, testable, and safe.
- Exceptional Communicator: The ability to simplify the extreme complexity of Agentic Security for executive leadership while maintaining technical authority with the engineering front line.
Key skills/competency
- Security Engineering
- Autonomous Security
- AI Security
- LLM Orchestration
- Cloud Security (AWS)
- Identity and Access Management (IAM)
- Container Orchestration
- Threat Modeling
- Python
- Go
Skills & topics
- Principal Security Engineer
- Security Engineering
- Autonomous Security
- AI Security
- LLM Orchestration
- Cloud Security
- AWS
- IAM
- Container Orchestration
- Threat Modeling
- Python
- Go
- SaaS Security
- Agentic Systems
- Identity Governance
How to get hired
- Tailor your resume: Highlight your experience with autonomous agent systems, LLM orchestration, and cloud security (AWS).
- Showcase AI expertise: Emphasize your deep understanding of AI security, prompt engineering, and building production-grade mitigations for LLM attack surfaces.
- Demonstrate leadership: Provide examples of technical leadership, mentoring engineers, and driving strategic security initiatives.
- Quantify achievements: Use data to illustrate the impact of your security solutions, especially in large-scale SaaS environments.
- Prepare for technical interviews: Be ready to discuss complex security architectures, identity protocols, and agentic workflows in detail.
Frequently asked questions
- What is the expected experience level for a Principal Security Engineer at Procore Technologies?
  - Procore Technologies seeks a Principal Security Engineer with 8+ years of high-level technical security experience, including at least 4 years in large-scale SaaS environments. Expertise in software engineering (Python, Go) with a specialization in security is required, alongside verifiable experience in building and deploying autonomous agent systems.
- What specific AI and agentic technologies are critical for this Principal Security Engineer role?
  - For the Principal Security Engineer role at Procore, deep experience with LLM orchestration, tool-calling protocols, and multi-agent state management is crucial. Familiarity with frameworks like LangGraph, Semantic Kernel, and CrewAI for building agentic systems is highly valued.
- Does Procore Technologies require experience with specific cloud platforms for the Principal Security Engineer position?
  - Yes, expert-level knowledge of cloud security is essential for the Principal Security Engineer. While AWS is preferred, extensive experience in designing trusted execution environments for high-privilege agents within cloud infrastructures is a key requirement.
- What is Procore's approach to AI and agentic workflows for security?
  - At Procore, AI is a core competency, not just a tool. The company is actively building the 'agentic future' of construction, expecting team members to be AI-literate and leverage generative tools. This Principal Security Engineer role is central to evolving from traditional security to an autonomous security fabric driven by agents.
- How does Procore Technologies view the role of security in relation to business growth and product velocity?
  - Procore Technologies views security as a business enabler rather than a point of friction. The Principal Security Engineer is expected to possess strategic vision, aligning complex agentic initiatives with business growth and product velocity to ensure security supports these objectives.
- What are the key responsibilities for a Principal Security Engineer in AI security at Procore?
  - A key responsibility is pioneering AI security by deeply understanding the LLM attack surface (e.g., prompt injection, data poisoning) and building production-grade mitigations. This includes establishing agentic trust boundaries, sandboxing, output verification, and managing AI-related security risks.
- Is this a remote or on-site Principal Security Engineer position at Procore Technologies?
  - This Principal Security Engineer position is based in the Bengaluru, India office. Therefore, it is an on-site role.