Note: The job is a remote job and is open to candidates in USA. Quora is a privately held, 'remote-first' company with a mission to grow the world's collective intelligence. They are seeking a Senior Infrastructure Security Software Engineer to support their Quora and Poe products by building robust protections around their products, infrastructure, and people.
Responsibilities
- Partner with engineering teams to review cloud and compute architecture design changes
- Establish threat models for cloud and compute paved roads to identify security risks
- Develop or adopt open-source tools to monitor and harden our cloud Infrastructure, harden our OS, develop security logging pipelines and detect intrusions
- Apply your expert knowledge of security best practices for AWS and Kubernetes to inform remediations and the team's control roadmap
- Drive the definition and implementation of security policies and monitor in conformance to the policies
- Write code for automations that support security requirements like threat detection, incident containment, and network access management
- Conduct initial incident triage; determine scope, urgency, and potential impact of security incidents; participate in the incident response process
Skills
- You have hands-on experience securing large-scale cloud environments, particularly with AWS
- You are passionate about building secure infrastructure-as-code (IaC) pipelines using tools like Terraform or CloudFormation
- You understand IAM policies, network segmentation, and VPC design and have a thorough grasp of monitoring and logging in cloud-native environments
- You are skilled in identifying misconfigurations, mitigating risks, and driving remediation processes
- Bonus points if you've implemented security in Kubernetes clusters or serverless architectures
- You believe in 'security as code' and are skilled at automating security processes
- You can develop and integrate security tools into CI/CD pipelines to ensure secure code delivery
- Tools like SAST, DAST, and dependency scanning are part of your daily toolkit, and you have experience integrating them into workflows to catch vulnerabilities early
- You also advocate for secure coding practices and are skilled at mentoring teams to write resilient, secure applications
- You are well versed in AWS infrastructure security but also are passionate about scalability, reliability and operational rigor
- Beyond that, you know that root does not mean root and are passionate about container security, POSIX Capabilities, SECCOMP and have a favorite flavor of LSM
- In your spare time, you love playing around with OSQuery and eBPF
- Partner with engineering teams to review cloud and compute architecture design changes
- Establish threat models for cloud and compute paved roads to identify security risks
- Develop or adopt open-source tools to monitor and harden our cloud Infrastructure, harden our OS, develop security logging pipelines and detect intrusions
- Apply your expert knowledge of security best practices for AWS and Kubernetes to inform remediations and the team's control roadmap
- Drive the definition and implementation of security policies and monitor in conformance to the policies
- Write code for automations that support security requirements like threat detection, incident containment, and network access management
- Conduct initial incident triage; determine scope, urgency, and potential impact of security incidents; participate in the incident response process
- Product Security (nice-to-have): Not a requirement, but a real plus: experience building secure web applications and APIs, with a working grasp of the OWASP Top 10 and common vulnerabilities such as XSS, CSRF, and SQL injection
Benefits
- Medical/dental/vision coverage
- Equity refreshers
- Remote work reimbursement
- Paid time off
- Employee assistance programs
Company Overview
Company H1B Sponsorship