Quora

Senior Infrastructure Security Software Engineer (Remote)

Quora1 weeks ago
Location

Remote - Multiple Locations

Workplace

Remote

Type

Full Time

Salary

USD 172,279 – 256,433

Level

Senior

Role

Security Engineer

Posted

Jun 25, 2026

Full TimeRemoteSenior

The role

Summary

Senior Infrastructure Security Software Engineer at Quora is a critical role supporting the company's Quora and Poe platforms, focusing on building robust cloud and infrastructure security protections for over 300 million monthly users. This position requires a capable software engineer with deep expertise in cloud infrastructure security (AWS/Kubernetes), automation and secure development practices, or Linux/system security, working collaboratively to architect threat models, harden cloud environments, and develop security automation tools. The role offers the opportunity to shape security at scale across globally distributed systems while working with a passionate, newly-formed Security Engineering Team in a remote-first, culture-driven organization.

What you'll do

Cloud Architecture Security Reviews: Partner with engineering teams to conduct comprehensive reviews of cloud and compute architecture design changes, identifying security vulnerabilities and ensuring alignment with security best practices and organizational standards.
Threat Modeling and Risk Assessment: Establish comprehensive threat models for cloud and compute infrastructure paved roads to systematically identify security risks, potential attack vectors, and compliance gaps before they impact production systems.
Infrastructure Hardening and Tool Development: Develop, adopt, and maintain open-source and proprietary tools to monitor and harden cloud infrastructure, operating systems, and security logging pipelines, including intrusion detection capabilities and real-time threat visibility.
Security Best Practices Implementation: Apply expert knowledge of security best practices for AWS and Kubernetes environments to inform remediation strategies, control roadmaps, and architectural decisions that protect the company's infrastructure at scale.
Security Policy Development and Enforcement: Drive the definition, documentation, and implementation of comprehensive security policies while establishing monitoring mechanisms and compliance frameworks to ensure consistent adherence across all infrastructure and teams.
Security Automation and Infrastructure-as-Code: Write and maintain code for security automation solutions supporting threat detection, incident containment, network access management, and infrastructure provisioning using infrastructure-as-code principles and CI/CD integration.
Incident Response and Triage: Conduct initial incident triage for security events, determine scope and urgency, assess potential business impact, and actively participate in incident response processes to minimize damage and prevent recurrence.

What we look for

Technical

Cloud Infrastructure Security (AWS)Hands-on expertise securing large-scale AWS cloud environments with deep knowledge of IAM policies, network segmentation, VPC design, and cloud-native monitoring and logging solutions. Experience with infrastructure-as-code tools like Terraform or CloudFormation is required.
Container and Kubernetes SecurityDemonstrated experience implementing security controls in Kubernetes clusters, including pod security policies, network policies, RBAC configurations, and container runtime security. Understanding of container image scanning and registry security is essential.
Linux and System-Level SecurityStrong proficiency with Linux operating systems, including kernel security features, POSIX capabilities, SELinux/AppArmor, seccomp profiles, and system hardening. Experience with container security and eBPF-based security tooling is highly valued.
CI/CD Security IntegrationExpertise developing and integrating security tools into continuous integration and continuous deployment pipelines, including SAST, DAST, dependency scanning, and vulnerability management solutions to detect and prevent security issues early in development.
Secure Development PracticesProficiency implementing 'security as code' methodologies, automating security processes, and advocating for secure coding practices. Ability to mentor development teams on building resilient, secure applications and APIs.
Security Monitoring and LoggingAdvanced capability in designing and implementing comprehensive security logging pipelines, threat detection systems, and intrusion detection/prevention mechanisms. Experience with SIEM platforms, log aggregation, and real-time alerting systems is essential.
Software Engineering FundamentalsStrong software development background with the ability to write production-quality code, design scalable systems, and contribute meaningfully to architectural decisions. Ability to balance security requirements with operational and business needs.

Education

Bachelor's Degree in Computer Science, Security, or Related FieldFormal education in computer science, information security, software engineering, or equivalent technical discipline that provides foundational knowledge for infrastructure and application security work.

Experience

5+ Years Infrastructure or Security Engineering ExperienceMinimum five years of professional experience in infrastructure engineering, cloud security, system administration, or security engineering roles, demonstrating progressive responsibility and impact in building secure systems at scale.
3+ Years Cloud Platform ExperienceAt least three years of hands-on experience working with cloud platforms, preferably AWS, including designing, deploying, and securing cloud infrastructure and understanding cloud-native architecture patterns.
2+ Years Security Engineering or Application SecurityMinimum two years of dedicated experience in security engineering, application security, or related security-focused roles where you've implemented or championed security controls, policies, or best practices.
Incident Response ExperienceDemonstrated participation in security incident response activities, including initial triage, scope determination, containment, and post-incident analysis to prevent recurrence.

Skills

Required skills

AWS Cloud InfrastructureProduction-level expertise with AWS services including EC2, VPC, IAM, S3, CloudTrail, and other core infrastructure components with demonstrated ability to architect secure cloud environments.
Infrastructure-as-Code (Terraform/CloudFormation)Proficiency writing and maintaining infrastructure-as-code using Terraform, CloudFormation, or similar tools with deep understanding of idempotency, state management, and secure secret handling.
Kubernetes Administration and SecurityAdvanced Kubernetes knowledge including deployment, configuration, troubleshooting, and implementation of security controls such as RBAC, network policies, and pod security standards.
Linux Systems AdministrationExpert-level Linux administration including kernel hardening, package management, service configuration, performance tuning, and security implementation using native Linux security features.
Python or Go ProgrammingStrong proficiency in at least one systems programming language such as Python or Go, enabling development of security automation tools, scripts, and integrations with security platforms.
Security Automation and ScriptingAbility to develop automation solutions for security processes including threat detection, incident response, compliance checking, and remediation using scripting languages and security APIs.
Vulnerability Assessment and RemediationHands-on experience identifying security misconfigurations and vulnerabilities in cloud environments, systems, and applications, with demonstrated ability to drive remediation and implement preventive controls.
Monitoring and Alerting SystemsExperience designing and implementing comprehensive monitoring, logging, and alerting solutions for security events, infrastructure health, and compliance using tools like Datadog, Prometheus, ELK, or similar platforms.

Nice to have

eBPF and Advanced Linux Security ToolsExperience with eBPF-based security tools, OSQuery, or other advanced system introspection and monitoring solutions for deep visibility into system and container behavior.
Product Security and Application SecurityWorking knowledge of OWASP Top 10, common web vulnerabilities such as XSS, CSRF, SQL injection, and experience securing web applications and APIs alongside infrastructure security.
Serverless Architecture SecurityExperience implementing security controls and best practices for serverless computing platforms and function-as-a-service environments including Lambda and similar services.
Security Compliance FrameworksFamiliarity with security compliance standards such as SOC 2, ISO 27001, CIS Benchmarks, or similar frameworks, with experience implementing controls and maintaining compliance posture.
Incident Response and ForensicsExperience participating in security incident response activities, forensic analysis, and contributing to post-incident reports and preventive measures to enhance security posture.
Container Image Scanning and Registry SecurityExperience implementing and maintaining container image scanning, vulnerability management in container registries, and secure supply chain practices for containerized applications.
SAST, DAST, and Dependency Scanning ToolsHands-on experience integrating and managing static analysis, dynamic analysis, and dependency scanning tools within CI/CD pipelines to detect and remediate vulnerabilities early in development.
Open Source Security Tools DevelopmentExperience developing, maintaining, or significantly contributing to open source security tools, demonstrating ability to write security-focused software and contribute to the broader security community.

Compensation & benefits

Salary

USD 172,279 – 256,433 (annual)

Stock options

Available

Benefits

Comprehensive Health Coverage

Medical, dental, and vision insurance coverage with company contributions to ensure employee health and wellness.

Equity Compensation and Refreshers

Stock options and regular equity refreshers for senior-level employees, aligning individual success with company growth and providing long-term wealth building opportunities.

Remote Work Support

Dedicated remote work reimbursement to support home office setup, technology equipment, and internet services for productive remote work.

Generous Paid Time Off

Comprehensive paid time off policy including vacation days, sick leave, and personal time for work-life balance and employee wellbeing.

Employee Assistance Program

Access to confidential counseling, mental health support, and personal resources to support employee and family wellbeing.

Flexible Work Environment

Remote-first company culture with flexible coordination hours (Monday-Friday, 9am-3pm Pacific Time) allowing for geographic flexibility and work-life integration.

Professional Development

Culture rooted in continuous learning and experimentation with opportunities to think big, explore new ideas, and develop expertise in cutting-edge security practices.

Inclusive Company Culture

Transparent, collaborative environment celebrating success with high-performing global teams and meaningful work toward growing the world's collective intelligence.


Apply for this position

You'll be redirected to the company's application page


Quora

Quora

View all jobs

Quora is an American social question-and-answer website and online knowledge market where users ask, answer, and edit questions to share insights and knowledge.

Mountain View, California, United StatesFounded 2009quora.com

Tech Stack

Languages
PythonGoBash/Shell Scripting
Frameworks
TerraformCloudFormationKubernetes
Databases
Time-Series Databases (Prometheus, InfluxDB)Log Aggregation (ELK, Splunk)
Tools
AWS Security Tools (IAM, Security Hub, GuardDuty)Container Security (Docker, container registries, image scanning)SAST/DAST Tools (SonarQube, Burp Suite, OWASP ZAP)Vulnerability Scanning and ManagementMonitoring and Observability (Datadog, Prometheus, Grafana)CI/CD Platforms (GitHub, GitLab, Jenkins)OSQuery and eBPF Tools
Other
AWS Ecosystem and ServicesSecurity Best Practices and FrameworksLinux Kernel Security FeaturesNetwork Security ConceptsThreat Modeling and Risk Assessment

Interview Guides

5 guides available for Quora

Apply Now