Staff Product Security Software Engineer

at Quora
  • Remote - Worldwide

Remote

Software Development

Mid-level

Job description

[ Quora is a “remote-first” company . This position can be performed remotely from multiple countries around the world. Please visit careers.quora.com/eligible-countries for details regarding employment eligibility by country.]

About Quora:

Quora’s mission is to grow and share the world’s knowledge. To do so, we have two knowledge sharing products:

  • Quora: a global knowledge sharing platform with over 400M monthly unique visitors, bringing people together to share insights on various topics and providing a unique platform to learn and connect with others.

  • Poe: a platform providing millions of global users with one place to chat, explore and build with a wide variety of AI language models (bots), including GPT-4, Claude 3, Gemini Pro, DALL-E 3 and more. As AI capabilities rapidly advance, Poe provides a single platform to instantly integrate and utilize these new models.

Behind these products are passionate, collaborative, and high-performing global teams. We have a culture rooted in transparency, idea-sharing, and experimentation that allows us to celebrate success and grow together through meaningful work. Join us on this journey to create a positive impact and make a significant change in the world.

This role will be working on both Quora and Poe.

About the Team and Role:

You will be a key member of the newly created Security Engineering Team, with a mission to keep Quora safe from security problems by building robust protections around our products, infrastructure and people. Our small engineering team works on challenging problems every day. We have a culture that’s rooted in constantly learning and improving, and our engineers are encouraged to think big and experiment with new ideas.

What We’re Looking For:

  • Sweat The Right Details: you thrive in understanding the details but will also know to ruthlessly prioritize the critical issues.

  • Right-Size The Solution: you recognize guidelines and framework do not always fit the problem and know how to adjust the solution for scalability not always at-scale.

  • Ownership: you are outcome focused and can deftly navigate obstacles, decompose complexities, manage your time and can communicate your vision to peers and management.

An Ideal Candidate Would…

…be a capable software engineer while also possessing the following domain expertise:

  • Secure Web Application Development: You are proficient in developing secure web applications and APIs, with a strong understanding of OWASP Top 10 and other common web vulnerabilities such as XSS, CSRF, SQL Injection, and clickjacking. You have experience implementing mitigations such as Content Security Policies (CSP), SameSite cookies, and secure HTTP headers. You are adept at building secure authentication and authorization mechanisms, including OAuth, OpenID Connect, SAML, and JWTs.

  • Client-Side Security: You have expertise in improving the security posture of client-side web applications. You understand the nuances of browser extensions, sandboxing, and JavaScript security. You are knowledgeable about secure JavaScript frameworks. You can identify and mitigate attacks like DOM-based XSS and other client-side vulnerabilities.

  • Cross-Browser Compatibility and Privacy: You are familiar with the intricacies of cross-browser compatibility and the security implications of browser-specific features. You are passionate about advancing privacy-respecting features in web applications, such as implementing proper cookie handling, using privacy-preserving APIs, and reducing fingerprinting risks. You follow developments in browser security policies like SameSite, Secure, and HttpOnly cookies.

  • Performance and Security Tradeoffs: You understand the fine balance between performance optimization and security requirements in web applications. You can implement advanced security measures,You are skilled in analyzing and mitigating the impact of security features on page load times, caching, and scalability.

  • Security Testing and Tooling: You have hands-on experience with security testing tools such as Burp Suite, ZAP, or browser developer tools for identifying vulnerabilities in web applications. You can write custom scripts to automate browser-level security testing and have experience with fuzzing and penetration testing for browsers and web technologies.

  • Emerging Web Standards and Protocols: You stay ahead of the curve by following developments in emerging web standards and protocols like HTTP/3, WebAuthn, and the latest advancements in TLS. You are excited about contributing to the evolution of secure web technologies and implementing these advancements in production environments.

Responsibilities:

  • Availability for meetings and impromptu communication during Quora’s “ coordination hours ” (Mon-Fri: 9am-3pm Pacific Time)

  • Provide security guidance to engineering teams and work with privacy, product and engineering teams on securing customer data

  • Perform security software architecture review and integrate threat modeling and abuse cases into the SDLC; Advise and implement secure software architecture patterns.

  • Drive the development and implementation of standard security review processes across the company that result in effective methods for reducing security risks before product releases.

  • Build features or application security tools within existing development, build, and deployment processes to ensure strong security in Quora product.

  • Conduct dynamic & static code scan reviews and run-time tests.

  • Assist with the planning and execution of application penetration tests.

  • Conduct initial incident triage; determine scope, urgency, and potential impact of security incidents; lead and coordinate the incident response process

At Quora, we value diversity and inclusivity and welcome individuals from all backgrounds, including marginalized or underrepresented groups in tech, to apply for our job openings. We encourage all candidates who share a passion for growing the world’s knowledge, even those who may not strictly meet all the preferred requirements, to apply, as we know that a diverse range of perspectives can have a significant impact on our products and our culture.

Additional Information:

We are accepting applications on an ongoing basis.

Quora offers a wide range of benefits including medical/dental/vision coverage, equity refreshers, remote work reimbursement, paid time off, employee assistance programs, and more. Benefits are country-specific and may vary. For more information on benefits, visit this link: https://www.careers.quora.com/benefits

There are many factors that will determine the starting pay, including but not limited to experience, location, education, and business needs.

  • US candidates only: For US based applicants, the salary range is $155,656 - $267,615 USD + equity + benefits.

  • Canada candidates only: For Canada based applicants, the salary range is $188,760 - $278,168 CAD + equity + benefits.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Job Applicant Privacy Notice: https://www.careers.quora.com/applicant-privacy-notice

#LI-RJ1

#LI-REMOTE

Share this job:
Please let Quora know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Quora logo

Quora

Share and grow knowledge

  • 201-500 employees
  • Founded in 2009
  • 19 remote jobs
View all jobs

Latest Jobs at Quora

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply