FedRAMP Vulnerability Analyst

Posted 4 Days Ago
Austin, TX
95K-130K Annually
Junior
Cloud • Software
A global company of groundbreakers, Procore Technologies collectively builds towards what’s next for our employees, indu
The Role
In this role, analyze and manage vulnerabilities for FedRAMP systems, partnering with teams to ensure security compliance and risk management.
Summary Generated by Built In

Job Description

We’re looking for a Senior FedRAMP Vulnerability Analyst to join Procore’s Product & Technology Team. Procore software solutions aim to improve the lives of everyone in construction and the people within Product & Technology are the driving force behind our innovative, top-rated global platform. We’re a customer-centric group that encompasses engineering, product, product design and data, security and business systems. 

The Senior FedRAMP Vulnerability Analyst will join Procore’s Cybersecurity Risk & Compliance team. In this role, you’ll drive vulnerability management activities that support and maintain our FedRAMP authorization, ensuring that Procore's systems meet the highest standards of security and regulatory compliance. You will play a key role in identifying, analyzing, and reporting on security vulnerabilities while supporting risk-informed decision-making across the business.

As a Senior FedRAMP Vulnerability Analyst, you’ll partner with security engineers, compliance analysts, DevOps teams, and product owners to track, assess, and report on vulnerabilities impacting FedRAMP-authorized systems. Use your technical depth, regulatory knowledge, and analytical thinking to reduce risk exposure, maintain FedRAMP compliance, and improve operational resilience. If you're passionate about turning data into action and enabling secure innovation—apply today to help us protect what builds the world.

This position reports into the Senior Manager of Risk & Policy and will be based in our Austin, TX office. We’re looking for someone to join us immediately.

What you’ll do:

  • Monitor and triage vulnerability data from scanning tools and threat intelligence sources to ensure timely remediation of findings impacting FedRAMP systems

  • Analyze vulnerability risk based on asset criticality, exposure, and threat context, and provide clear and actionable recommendations

  • Track open vulnerabilities, coordinate with technical teams, and ensure adherence to FedRAMP-defined remediation timelines

  • Partner with the GRC teams and internal FedRAMP stakeholders to support FedRAMP reporting, continuous monitoring deliverables, and audit evidence requests

  • Document exceptions, justifications, and mitigation plans for vulnerabilities that cannot be remediated within required timelines

  • Generate clear and concise metrics, dashboards, and reports for stakeholders and executive leadership

  • Contribute to the continuous improvement of vulnerability management processes, workflows, and tooling

 

What we’re looking for:

  • Degree or equivalent work experience

  • Must have a minimum of 2 years' experience in triaging, remediating, and reporting on vulnerabilities within a FedRAMP environment

  • Background in development and security engineering

  • Ability to navigate complex environments

  • Capability to help developers resolve vulnerabilities

  • Some combination of the following: OSCP, CompTIA Security+, GCIA / GCIH / GPEN, CISM, AWS Certified Security – Specialty

Additional Information

Base Pay Range $94,720 - $130,240. Eligible for Bonus Incentive Compensation. Procore is committed to offering competitive, fair, and commensurate compensation, and has provided an estimated pay range for this role. Actual compensation will be based on a candidate’s job-related skills, experience, education or training, and location.

Perks & Benefits

At Procore, we invest in our employees and provide a full range of benefits and perks to help you grow and thrive. From generous paid time off and healthcare coverage to career enrichment and development programs, learn more details about what we offer and how we empower you to be your best.

About Us

Procore Technologies is building the software that builds the world. We provide cloud-based construction management software that helps clients more efficiently build skyscrapers, hospitals, retail centers, airports, housing complexes, and more. At Procore, we have worked hard to create and maintain a culture where you can own your work and are encouraged and given resources to try new ideas. Check us out on Glassdoor to see what others are saying about working at Procore.

We are an equal-opportunity employer and welcome builders of all backgrounds. We thrive in a dynamic and inclusive environment. We do not tolerate discrimination against candidates or employees on the basis of gender, sex, national origin, civil status, family status, sexual orientation, religion, age, disability, race, traveler community, status as a protected veteran or any other classification protected by law.

If you'd like to stay in touch and be the first to hear about new roles at Procore, join our Talent Community.

Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact our benefits team here to discuss reasonable accommodations.

For Los Angeles County (unincorporated) Candidates:

Procore will consider for employment all qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable federal, state, and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act.

A criminal history may have a direct, adverse, and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment: 1. appropriately managing, accessing, and handling confidential information including proprietary and trade secret information, as well as accessing Procore's information technology systems and platforms; 2. interacting with and occasionally having unsupervised contact with internal/external customers, stakeholders, and/or colleagues; and 3. exercising sound judgment.

Top Skills

DevOps
FedRAMP
Security Engineering
Vulnerability Management

The Company
HQ: Carpinteria, CA
1,800 Employees
Hybrid Workplace
Year Founded: 2002

What We Do

At Procore Technologies, we’re collectively building towards what’s next for our employees, industry, customers, and global communities. Our cloud-based construction management software streamlines the entire lifecycle of a construction project, connecting field and office teams, centralizing data to mitigate risks, providing real-time financials, and more to help clients efficiently build everything from skyscrapers to hospitals to airports.

Procore was founded in 2002, and we’ve since grown into a global company of groundbreakers working throughout North America, EMEA, and APAC. Coming together from across diverse backgrounds to be our best, we embrace a culture of ownership and excellence that gives our teams the tools to grow and thrive as they shape their careers – and the Procore of tomorrow.

To learn more about Procore and how you can build what comes next for your career, visit us at https://www.procore.com/jobs.

Why Work With Us

We make each other better at Procore. Here, your career is not pre-defined and it can take many paths. While you own your career, we provide you with the support and opportunities to help you succeed. You can help us transform an industry while you are transforming your career.
