Staff Product Security Software Engineer (Remote)

Quora

Remote - Multiple Locations
Competitive
Full-time

Job Description

Secure the Future of Knowledge: Join Quora's Security Engineering Team

Quora, a remote-first company, is on a mission to grow and share the world's knowledge. We're looking for a passionate and skilled Security Engineer to join our newly formed Security Engineering Team and help protect our users and platform. As a key member, you'll play a critical role in safeguarding Quora and Poe (our innovative AI platform) from evolving security threats. This position offers the flexibility to work remotely from various locations worldwide. Check your eligibility: careers.quora.com/eligible-countries.

Why Quora?

Impact: Contribute to a platform used by over 400 million monthly unique visitors worldwide and a cutting-edge AI platform, Poe, enabling millions to chat, explore, and build with various AI language models.
Challenge: Tackle complex and unique security challenges in a dynamic environment.
Growth: Be part of a team that values continuous learning, experimentation, and big thinking.
Culture: Thrive in a transparent, collaborative, and high-performing remote-first culture.

The Role:
As a Security Engineer, you'll be at the forefront of protecting Quora's products, infrastructure, and people. You'll work alongside a talented team to identify, assess, and mitigate security risks, ensuring the confidentiality, integrity, and availability of our platform and user data.

What You'll Do:
Provide expert security guidance to engineering teams, collaborating with privacy, product, and engineering stakeholders to secure customer data.
Conduct thorough security software architecture reviews and integrate threat modeling and abuse cases into the SDLC, recommending and implementing secure architectural patterns.
Drive the development and implementation of standardized security review processes, effectively reducing security risks before product releases.
Develop and deploy features and application security tools within existing development pipelines to enhance the security posture of Quora products.
Perform dynamic and static code analysis, as well as runtime testing, to identify vulnerabilities.
Contribute to the planning and execution of application penetration tests.
Conduct initial incident triage to assess the scope, urgency, and potential impact of security incidents, coordinating the incident response process.
Attend meetings and be available for communication during Quora's core "coordination hours" (Mon-Fri: 9am-3pm Pacific Time).

What You'll Bring:
We're looking for a skilled software engineer with a passion for security and a deep understanding of web application security principles.

Web Application Security Expertise: Proficiency in developing secure web applications and APIs, with a solid understanding of OWASP Top 10 and common web vulnerabilities (XSS, CSRF, SQL Injection, clickjacking). Experience implementing mitigations like CSP, SameSite cookies, and secure HTTP headers.
Authentication & Authorization: Deep knowledge of building secure authentication and authorization mechanisms (OAuth, OpenID Connect, SAML, JWTs).
Client-Side Security: Expertise in improving client-side web application security, including browser extensions, sandboxing, and JavaScript security, with the ability to identify and mitigate DOM-based XSS and other client-side vulnerabilities.
Cross-Browser & Privacy: Familiarity with cross-browser compatibility and security implications, along with a passion for advancing privacy-respecting features in web applications (cookie handling, privacy-preserving APIs, fingerprinting risk reduction).
Performance & Security Tradeoffs: Understanding of the balance between performance optimization and security requirements in web applications, with the ability to analyze and mitigate the impact of security features on page load times, caching, and scalability.
Security Testing & Tooling: Hands-on experience with security testing tools (Burp Suite, ZAP, browser developer tools) for vulnerability identification. Ability to write custom scripts for automated browser-level security testing and experience with fuzzing and penetration testing.
Emerging Web Standards: A commitment to staying ahead of the curve with emerging web standards and protocols (HTTP/3, WebAuthn, TLS advancements).
Critical Thinking: Ability to prioritize critical issues, right-size solutions for scalability, and navigate obstacles to achieve outcomes.
Ownership: Outcome-focused, with excellent communication skills to share your vision with peers and management.

Benefits & Compensation:
Quora offers a competitive salary, equity, and a comprehensive benefits package, including medical/dental/vision coverage, equity refreshers, remote work reimbursement, paid time off, and employee assistance programs. Benefits are country-specific. Learn more about our benefits.

US candidates: Salary range is $155,656 - $267,615 USD + equity + benefits.
Canada candidates (Toronto/Vancouver): Salary range is $202,383 - $278,361 CAD + equity + benefits. Other locations in Canada: $188,891 - $259,803 CAD + equity + benefits.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Ready to secure the future of knowledge? Apply now!

Job Applicant Privacy Notice: https://www.careers.quora.com/applicant-privacy-notice
