Staff Infrastructure Security Software Engineer (Remote)

Requirements:

• Sweat The Right Details: you thrive in understanding the details but will also know to ruthlessly prioritize the critical issues.
• Right-Size The Solution: you recognize guidelines and framework do not always fit the problem and know how to adjust the solution for scalability not always at-scale.
• Ownership: you are outcome focused and can deftly navigate obstacles, decompose complexities, manage your time and can communicate your vision to peers and management.

Nice to Haves:

• Cloud Infrastructure Security: hands-on experience securing large-scale cloud environments, particularly with AWS; passionate about building secure infrastructure-as-code; skilled in identifying misconfigurations, mitigating risks, and driving remediation processes.
• Automation and Secure Development Practices: advocate for "security as code"; skilled at automating security processes and integrating security tools into CI/CD pipelines; experience with SAST, DAST, and dependency scanning.
• Linux/System Security: well-versed in AWS infrastructure security; passionate about container security, POSIX Capabilities, SECCOMP; experience with OSQuery and eBPF.

What You'll Be Doing:

• Availability for meetings and impromptu communication during Quora's "coordination hours" (Mon-Fri: 9am-3pm Pacific Time)
• Partner with engineering teams to review cloud and compute architecture design changes.
• Establish threat models for cloud and compute paved roads to identify security risks.
• Develop or adopt open-source tools to monitor and harden our cloud Infrastructure, harden our OS, develop security logging pipelines and detect intrusions.
• Apply expert knowledge of security best practices for AWS and Kubernetes to inform remediations and the team’s control roadmap.
• Drive the definition and implementation of security policies and monitor in conformance to the policies.
• Write code for automations that support security requirements like threat detection, incident containment, and network access management.
• Conduct initial incident triage; determine scope, urgency, and potential impact of security incidents; participate in the incident response process.

Perks and Benefits:

• Medical/dental/vision coverage
• Equity refreshers
• Remote work reimbursement
• Paid time off
• Employee assistance programs
• Country-specific benefits