Director of Engineering - Head of Security

[ Quora is a 'remote-first' company . This position can be performed remotely from multiple countries around the world. Please visit careers.quora.com/eligible-countries for details regarding employment eligibility by country.]

About Quora:

Quora’s mission is to grow and share the world’s knowledge. To do so we have two knowledge sharing products:

• Quora : a global knowledge sharing platform with over 400M monthly unique visitors bringing people together to share insights on various topics and providing a unique platform to learn and connect with others.

• Poe : a platform providing millions of global users with one place to chat explore and build with a wide variety of AI language models (bots) including GPT-4 Claude 3 Gemini Pro DALL-E 3 and more. As AI capabilities rapidly advance Poe provides a single platform to instantly integrate and utilize these new models.

Behind these products are passionate collaborative and high-performing global teams. We have a culture rooted in transparency idea-sharing and experimentation that allows us to celebrate success and grow together through meaningful work. Join us on this journey to create a positive impact and make a significant change in the world.

About the Team and Role:

We are seeking a highly experienced Head of Security to lead the development and management of security operations for both Quora and Poe products and to represent Quora's security interests to customers and regulatory bodies. This role encompasses a variety of responsibilities including identifying vulnerabilities implementing best-in-class security practices and developing long-term security strategies. The ideal candidate will possess a proven track record in team building engineering and upholding the highest security standards.

Responsibilities:

• Hire lead and manage the security team

• Lead the identification and continuous enhancement of security measures across engineering processes products and infrastructure

• Develop and maintain security policies standards and guidelines that align with organizational objectives and legal requirements including compliance and audit planning

• Collaborate with various departments such as Legal IT Facilities and Operations to develop and implement secure engineering practices

• Conduct regular security assessments and audits ensuring compliance with industry standards

• Lead the coordinated response to security incidents from detection to remediation root cause analysis and prevention

• Stay informed about emerging threats and technologies and advise the leadership team accordingly

• Mentor and guide engineering teams on best practices for secure development threat modeling and testing

• Design and execute security training and awareness programs tailored for the engineering department and all employees

• Collaborate with senior leadership and other functions (Product IT HR Finance and Legal) to ensure that company culture values and strategies are integrated into practical security applications

Minimum Requirements:

• Ability to be available for meetings and impromptu communication during Quora's “ coordination hours ' (Mon-Fri: 9am-3pm Pacific Time)

• 8+ years of experience in Infrastructure and Information Security

• 3+ years of experience leading a team

• Proven experience in designing and securing solutions in a complex and regulated enterprise environment

• Skilled in defining security requirements and assisting teams in implementing these through collaborative architecture and engineering

• In-depth knowledge of AWS security best practices and security controls including IAM CloudTrail CloudWatch etc

• Strong understanding of security concepts such as secure coding encryption and authentication

• Ability to communicate complex subjects regarding strategic and tactical cybersecurity processes to partners of varying technical levels

• Knowledge of industry standards like SOC 2 ISO 27001 and GDPR

• Comprehensive understanding of advanced persistent threats attacker methodologies attack lifecycle and the MITRE framework

Preferred Requirements:

• Experience in leading a company-wide security program that encompasses security in Infrastructure IT Facilities Operations and achieving compliance

• Experience in building secure consumer products at internet scale

• Passion for Quora's mission and goals.

At Quora we value diversity and inclusivity and welcome individuals from all backgrounds including marginalized or underrepresented groups in tech to apply for our job openings. We encourage all candidates who share a passion for growing the world’s knowledge even those who may not strictly meet all the preferred requirements to apply as we know that a diverse range of perspectives can have a significant impact on our products and our culture.

Additional Information:

We are accepting applications on an ongoing basis.

Quora offers a wide range of benefits including medical/dental/vision coverage equity refreshers remote work reimbursement paid time off employee assistance programs and more. Benefits are country-specific and may vary. For more information on benefits visit this link: https://www.careers.quora.com/benefits

There are many factors that will determine the starting pay including but not limited to experience location education and business needs.

• US candidates only: For US based applicants the salary range is $236400 - $373875 USD + equity + benefits.

• Canada candidates only: For Canada based applicants the salary range is $243010 - $384328 CAD + equity + benefits.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race religion color national origin gender sexual orientation age marital status veteran status or disability status.

Job Applicant Privacy Notice: https://www.careers.quora.com/applicant-privacy-notice

#LI-SS2 #LI-REMOTE