Quora Security Engineering Team
Quora is a privately held, "remote-first" company. This position can be performed remotely from anywhere in Canada or the United States. Please visit careers.quora.com/eligible-countries for details regarding employment eligibility by country.
About the Team and Role
You will be a key member of the newly created Security Engineering Team, with a mission to keep Quora safe from security problems by building robust protections around our products, infrastructure and people. Our small engineering team works on challenging problems every day. We have a culture that's rooted in constantly learning and improving, and our engineers are encouraged to think big and experiment with new ideas.
What We're Looking For
Sweat The Right Details: you thrive in understanding the details but will also know to ruthlessly prioritize the critical issues.
Right-Size The Solution: you recognize guidelines and framework do not always fit the problem and know how to adjust the solution for scalability not always at-scale.
Ownership: you are outcome focused and can deftly navigate obstacles, decompose complexities, manage your time and can communicate your vision to peers and management.
An Ideal Candidate Would...
be a capable software engineer while also spiking in at least one of the following domain expertise:
Cloud Infrastructure Security: You have hands-on experience securing large-scale cloud environments, particularly with AWS. You are passionate about building secure infrastructure-as-code (IaC) pipelines using tools like Terraform or CloudFormation. You understand IAM policies, network segmentation, and VPC design and have a thorough grasp of monitoring and logging in cloud-native environments. You are skilled in identifying misconfigurations, mitigating risks, and driving remediation processes. Bonus points if you've implemented security in Kubernetes clusters or serverless architectures.
Automation and Secure Development Practices: You believe in "security as code" and are skilled at automating security processes. You can develop and integrate security tools into CI/CD pipelines to ensure secure code delivery. Tools like SAST, DAST, and dependency scanning are part of your daily toolkit, and you have experience integrating them into workflows to catch vulnerabilities early. You also advocate for secure coding practices and are skilled at mentoring teams to write resilient, secure applications.
Linux/System Security: You are well versed in AWS infrastructure security but also are passionate about scalability, reliability and operational rigor. Beyond that, you know that root does not mean root and are passionate about container security, POSIX Capabilities, SECCOMP and have a favorite flavor of LSM. In your spare time, you love playing around with OSQuery and eBPF.
Product Security (nice-to-have): Not a requirement, but a real plus: experience building secure web applications and APIs, with a working grasp of the OWASP Top 10 and common vulnerabilities such as XSS, CSRF, and SQL injection. It complements the infrastructure security focus of this role and helps when partnering with product teams.
Responsibilities
Partner with engineering teams to review cloud and compute architecture design changes
Establish threat models for cloud and compute paved roads to identify security risks
Develop or adopt open-source tools to monitor and harden our cloud Infrastructure, harden our OS, develop security logging pipelines and detect intrusions
Apply your expert knowledge of security best practices for AWS and Kubernetes to inform remediations and the team's control roadmap
Drive the definition and implementation of security policies and monitor in conformance to the policies
Write code for automations that support security requirements like threat detection, incident containment, and network access management.
Conduct initial incident triage; determine scope, urgency, and potential impact of security incidents; participate in the incident response process
At Quora, we value diversity and inclusivity and welcome individuals from all backgrounds, including marginalized or underrepresented groups in tech, to apply for our job openings. We encourage all candidates who share a passion for growing the world's knowledge, even those who may not strictly meet all the preferred requirements, to apply, as we know that a diverse range of perspectives can have a significant impact on our products and our culture.
Additional Information
Successful candidates must have availability for meetings and impromptu communication during Quora's "coordination hours" (Mon-Fri: 9am-3pm Pacific Time).
We are accepting applications on an ongoing basis.
Quora offers a wide range of benefits including medical/dental/vision coverage, equity refreshers, remote work reimbursement, paid time off, employee assistance programs, and more. Benefits are country-specific and may vary.
There are many factors that will determine the starting pay, including but not limited to experience, location, education, and business needs.
US candidates only: For US based applicants, the salary range is $172,279 - $249,640 USD + equity + benefits.
Canada candidates only: For Toronto and Vancouver based applicants, the salary range is $221,209 - $256,433 CAD + equity + benefits. For all other locations in Canada, the salary range is $206,461 - $239,337 CAD + equity + benefits.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
AI technology may assist in sorting applications and recording interview notes, but all decisions are made by a member of our team.
To ensure a secure hiring process, all final candidates will undergo identity verification and a comprehensive background check prior to onboarding.
Job Applicant Privacy Notice:
Quora Security Engineering Team
Quora is a privately held, "remote-first" company. This position can be performed remotely from anywhere in Canada or the United States. Please visit careers.quora.com/eligible-countries for details regarding employment eligibility by country.
About the Team and Role
You will be a key member of the newly created Security Engineering Team, with a mission to keep Quora safe from security problems by building robust protections around our products, infrastructure and people. Our small engineering team works on challenging problems every day. We have a culture that's rooted in constantly learning and improving, and our engineers are encouraged to think big and experiment with new ideas.
What We're Looking For
Sweat The Right Details: you thrive in understanding the details but will also know to ruthlessly prioritize the critical issues.
Right-Size The Solution: you recognize guidelines and framework do not always fit the problem and know how to adjust the solution for scalability not always at-scale.
Ownership: you are outcome focused and can deftly navigate obstacles, decompose complexities, manage your time and can communicate your vision to peers and management.
An Ideal Candidate Would...
be a capable software engineer while also spiking in at least one of the following domain expertise:
Cloud Infrastructure Security: You have hands-on experience securing large-scale cloud environments, particularly with AWS. You are passionate about building secure infrastructure-as-code (IaC) pipelines using tools like Terraform or CloudFormation. You understand IAM policies, network segmentation, and VPC design and have a thorough grasp of monitoring and logging in cloud-native environments. You are skilled in identifying misconfigurations, mitigating risks, and driving remediation processes. Bonus points if you've implemented security in Kubernetes clusters or serverless architectures.
Automation and Secure Development Practices: You believe in "security as code" and are skilled at automating security processes. You can develop and integrate security tools into CI/CD pipelines to ensure secure code delivery. Tools like SAST, DAST, and dependency scanning are part of your daily toolkit, and you have experience integrating them into workflows to catch vulnerabilities early. You also advocate for secure coding practices and are skilled at mentoring teams to write resilient, secure applications.
Linux/System Security: You are well versed in AWS infrastructure security but also are passionate about scalability, reliability and operational rigor. Beyond that, you know that root does not mean root and are passionate about container security, POSIX Capabilities, SECCOMP and have a favorite flavor of LSM. In your spare time, you love playing around with OSQuery and eBPF.
Product Security (nice-to-have): Not a requirement, but a real plus: experience building secure web applications and APIs, with a working grasp of the OWASP Top 10 and common vulnerabilities such as XSS, CSRF, and SQL injection. It complements the infrastructure security focus of this role and helps when partnering with product teams.
Responsibilities
Partner with engineering teams to review cloud and compute architecture design changes
Establish threat models for cloud and compute paved roads to identify security risks
Develop or adopt open-source tools to monitor and harden our cloud Infrastructure, harden our OS, develop security logging pipelines and detect intrusions
Apply your expert knowledge of security best practices for AWS and Kubernetes to inform remediations and the team's control roadmap
Drive the definition and implementation of security policies and monitor in conformance to the policies
Write code for automations that support security requirements like threat detection, incident containment, and network access management.
Conduct initial incident triage; determine scope, urgency, and potential impact of security incidents; participate in the incident response process
At Quora, we value diversity and inclusivity and welcome individuals from all backgrounds, including marginalized or underrepresented groups in tech, to apply for our job openings. We encourage all candidates who share a passion for growing the world's knowledge, even those who may not strictly meet all the preferred requirements, to apply, as we know that a diverse range of perspectives can have a significant impact on our products and our culture.
Additional Information
Successful candidates must have availability for meetings and impromptu communication during Quora's "coordination hours" (Mon-Fri: 9am-3pm Pacific Time).
We are accepting applications on an ongoing basis.
Quora offers a wide range of benefits including medical/dental/vision coverage, equity refreshers, remote work reimbursement, paid time off, employee assistance programs, and more. Benefits are country-specific and may vary.
There are many factors that will determine the starting pay, including but not limited to experience, location, education, and business needs.
US candidates only: For US based applicants, the salary range is $172,279 - $249,640 USD + equity + benefits.
Canada candidates only: For Toronto and Vancouver based applicants, the salary range is $221,209 - $256,433 CAD + equity + benefits. For all other locations in Canada, the salary range is $206,461 - $239,337 CAD + equity + benefits.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
AI technology may assist in sorting applications and recording interview notes, but all decisions are made by a member of our team.
To ensure a secure hiring process, all final candidates will undergo identity verification and a comprehensive background check prior to onboarding.
Job Applicant Privacy Notice:
