Staff Product Security Software Engineer

Staff Product Security Software Engineer (Remote)[Quora is a privately held, "remote-first" company. This position can be performed remotely from multiple countries around the world. Please visit careers.quora.com/eligible-countries for details regarding employment eligibility by country.]About QuoraQuora’s mission is to grow and share the world’s knowledge. To do so, we have two knowledge sharing products:Quora: a global knowledge sharing platform with over 400M monthly unique visitors, bringing people together to share insights on various topics and providing a unique platform to learn and connect with others.Poe: a platform providing millions of global users with one place to chat, explore and build with a wide variety of AI language models (bots), including o3, o4-mini, Claude 3.7 Sonnet, GPT Image 1 and more. As AI capabilities rapidly advance, Poe provides a single platform to instantly integrate and utilize these new models.Behind these products are passionate, collaborative, and high-performing global teams. We have a culture rooted in transparency, idea-sharing, and experimentation that allows us to celebrate success and grow together through meaningful work. Join us on this journey to create a positive impact and make a significant change in the world.This role will be working on both Quora and Poe.About The Team And RoleYou will be a key member of the newly created Security Engineering Team, with a mission to keep Quora safe from security problems by building robust protections around our products, infrastructure and people. Our small engineering team works on challenging problems every day. We have a culture that's rooted in constantly learning and improving, and our engineers are encouraged to think big and experiment with new ideas.What We’re Looking ForSweat The Right Details: you thrive in understanding the details but will also know to ruthlessly prioritize the critical issues.Right-Size The Solution: you recognize guidelines and framework do not always fit the problem and know how to adjust the solution for scalability not always at-scale.Ownership: you are outcome focused and can deftly navigate obstacles, decompose complexities, manage your time and can communicate your vision to peers and management.An Ideal Candidate Would……be a capable software engineer while also possessing the following domain expertise:Secure Web Application Development: You are proficient in developing secure web applications and APIs, with a strong understanding of OWASP Top 10 and other common web vulnerabilities such as XSS, CSRF, SQL Injection, and clickjacking. You have experience implementing mitigations such as Content Security Policies (CSP), SameSite cookies, and secure HTTP headers. You are adept at building secure authentication and authorization mechanisms, including OAuth, OpenID Connect, SAML, and JWTs.Client-Side Security: You have expertise in improving the security posture of client-side web applications. You understand the nuances of browser extensions, sandboxing, and JavaScript security. You are knowledgeable about secure JavaScript frameworks. You can identify and mitigate attacks like DOM-based XSS and other client-side vulnerabilities.Cross-Browser Compatibility and Privacy: You are familiar with the intricacies of cross-browser compatibility and the security implications of browser-specific features. You are passionate about advancing privacy-respecting features in web applications, such as implementing proper cookie handling, using privacy-preserving APIs, and reducing fingerprinting risks. You follow developments in browser security policies like SameSite, Secure, and HttpOnly cookies.Performance and Security Tradeoffs: You understand the fine balance between performance optimization and security requirements in web applications. You can implement advanced security measures,You are skilled in analyzing and mitigating the impact of security features on page load times, caching, and scalability.Security Testing and Tooling: You have hands-on experience with security testing tools such as Burp Suite, ZAP, or browser developer tools for identifying vulnerabilities in web applications. You can write custom scripts to automate browser-level security testing and have experience with fuzzing and penetration testing for browsers and web technologies.Emerging Web Standards and Protocols: You stay ahead of the curve by following developments in emerging web standards and protocols like HTTP/3, WebAuthn, and the latest advancements in TLS. You are excited about contributing to the evolution of secure web technologies and implementing these advancements in production environments.ResponsibilitiesAvailability for meetings and impromptu communication during Quora's "coordination hours" (Mon-Fri: 9am-3pm Pacific Time)Provide security guidance to engineering teams and work with privacy, product and engineering teams on securing customer dataPerform security software architecture review and integrate threat modeling and abuse cases into the SDLC; Advise and implement secure software architecture patterns.Drive the development and implementation of standard security review processes across the company that result in effective methods for reducing security risks before product releases.Build features or application security tools within existing development, build, and deployment processes to ensure strong security in Quora product.Conduct dynamic & static code scan reviews and run-time tests.Assist with the planning and execution of application penetration tests.Conduct initial incident triage; determine scope, urgency, and potential impact of security incidents; lead and coordinate the incident response processAt Quora, we value diversity and inclusivity and welcome individuals from all backgrounds, including marginalized or underrepresented groups in tech, to apply for our job openings. We encourage all candidates who share a passion for growing the world’s knowledge, even those who may not strictly meet all the preferred requirements, to apply, as we know that a diverse range of perspectives can have a significant impact on our products and our culture.Additional InformationWe are accepting applications on an ongoing basis.Quora offers a wide range of benefits including medical/dental/vision coverage, equity refreshers, remote work reimbursement, paid time off, employee assistance programs, and more. Benefits are country-specific and may vary. For more information on benefits, visit this link: https://www.careers.quora.com/benefitsThere are many factors that will determine the starting pay, including but not limited to experience, location, education, and business needs.US candidates only: For US based applicants, the salary range is $155,656 - $267,615 USD + equity + benefits.Canada candidates only: For Toronto and Vancouver based applicants, the salary range is $202,383 - $278,361 CAD + equity + benefits. For all other locations in Canada, the salary range is $188,891 - $259,803 CAD + equity + benefits.We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.Job Applicant Privacy Notice: https://www.careers.quora.com/applicant-privacy-noticeSeniority levelSeniority levelMid-Senior levelEmployment typeEmployment typeFull-timeJob functionIndustriesTechnology, Information and Internet and Software DevelopmentReferrals increase your chances of interviewing at Quora by 2xGet notified about new Security Software Engineer jobs in Canada.IT and Security Engineer (Remote Canada)Greater Montreal Metropolitan Area 17 hours agoSecurity Engineer, Security PartnershipsSoftware Engineer - Security (Incident Detection and Response) (Remote- Canada)Staff Engineer, Security Engineering PartnerStaff Software Engineer (Remote - Germany, Canada, Poland and Ukraine)Software Engineer - Security (Incident Detection and Response) (Remote- Canada)Infrastructure Software Engineer, SecuritySoftware Development Engineer in Test- RemoteWe’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI. #J-18808-Ljbffr