We’re looking for a Senior FedRAMP Vulnerability Analyst to join Procore’s Product & Technology Team. Procore software solutions aim to improve the lives of everyone in construction and the people within Product & Technology are the driving force behind our innovative, top-rated global platform. We’re a customer-centric group that encompasses engineering, product, product design and data, security and business systems.

The Senior FedRAMP Vulnerability Analyst will join Procore’s Cybersecurity Risk & Compliance team. In this role, you’ll drive vulnerability management activities that support and maintain our FedRAMP authorization, ensuring that Procore's systems meet the highest standards of security and regulatory compliance. You will play a key role in identifying, analyzing, and reporting on security vulnerabilities while supporting risk-informed decision-making across the business.

As a Senior FedRAMP Vulnerability Analyst, you’ll partner with security engineers, compliance analysts, DevOps teams, and product owners to track, assess, and report on vulnerabilities impacting FedRAMP-authorized systems. Use your technical depth, regulatory knowledge, and analytical thinking to reduce risk exposure, maintain FedRAMP compliance, and improve operational resilience. If you're passionate about turning data into action and enabling secure innovation—apply today to help us protect what builds the world.

This position reports into the Senior Manager of Risk & Policy and will be based in our Austin, TX office.
We’re looking for someone to join us immediately.

What you’ll do:
- Monitor and triage vulnerability data from scanning tools and threat intelligence sources to ensure timely remediation of findings impacting FedRAMP systems
- Analyze vulnerability risk based on asset criticality, exposure, and threat context, and provide clear and actionable recommendations
- Track open vulnerabilities, coordinate with technical teams, and ensure adherence to FedRAMP-defined remediation timelines
- Partner with the GRC teams and internal FedRAMP stakeholders to support FedRAMP reporting, continuous monitoring deliverables, and audit evidence requests
- Document exceptions, justifications, and mitigation plans for vulnerabilities that cannot be remediated within required timelines
- Generate clear and concise metrics, dashboards, and reports for stakeholders and executive leadership
- Contribute to the continuous improvement of vulnerability management processes, workflows, and tooling

What we’re looking for:
- Degree or equivalent work experience
- Must have a minimum of 2 years' experience in triaging, remediating and reporting on vulnerabilities within a FedRAMP environment
- Background in development and security engineering
- Ability to navigate complex environments
- Capability to help developers resolve vulnerabilities
- Some combination of the following: OSCP, CompTIA Security+, GCIA / GCIH / GPEN, CISM, AWS Certified Security – Specialty

Job Details
ID | #53760279 |
State | Texas |
City | Austin |
Job type | Full-time |
Salary | USD TBD TBD |
Source | Procore Technologies |
Showed | 2025-04-03 |
Date | 2025-04-03 |
Deadline | 2025-06-02 |
Category | Et cetera |