Director of Engineering - Head of Security (Remote)

About Quora

Quora’s mission is to grow and share the world’s knowledge. To do so, we have two knowledge sharing products:

• Quora: a global knowledge sharing platform with over 400M monthly unique visitors, bringing people together to share insights on various topics and providing a unique platform to learn and connect with others.
• Poe: a platform providing millions of global users with one place to chat, explore and build with a wide variety of AI language models (bots), including GPT-4, Claude 3, Gemini Pro, DALL-E 3 and more. As AI capabilities rapidly advance, Poe provides a single platform to instantly integrate and utilize these new models.

About The Team And Role

We are seeking a highly experienced Head of Security to lead the development and management of security operations for both Quora and Poe products, and to represent Quora's security interests to customers and regulatory bodies. This role encompasses a variety of responsibilities, including identifying vulnerabilities, implementing best-in-class security practices, and developing long-term security strategies. The ideal candidate will possess a proven track record in team building, engineering, and upholding the highest security standards.

Responsibilities

• Hire, lead, and manage the security team
• Lead the identification and continuous enhancement of security measures across engineering processes, products, and infrastructure
• Develop and maintain security policies, standards, and guidelines that align with organizational objectives and legal requirements, including compliance and audit planning
• Collaborate with various departments such as Legal, IT, Facilities, and Operations to develop and implement secure engineering practices
• Conduct regular security assessments and audits, ensuring compliance with industry standards
• Lead the coordinated response to security incidents, from detection to remediation, root cause analysis, and prevention
• Stay informed about emerging threats and technologies, and advise the leadership team accordingly
• Mentor and guide engineering teams on best practices for secure development, threat modeling, and testing
• Design and execute security training and awareness programs tailored for the engineering department and all employees

Minimum Requirements

• Ability to be available for meetings and impromptu communication during Quora's “coordination hours" (Mon-Fri: 9am-3pm Pacific Time)
• 8+ years of experience in Infrastructure and Information Security
• 3+ years of experience leading a team
• Proven experience in designing and securing solutions in a complex and regulated enterprise environment
• Skilled in defining security requirements and assisting teams in implementing these through collaborative architecture and engineering
• In-depth knowledge of AWS security best practices and security controls, including IAM, CloudTrail, CloudWatch, etc
• Strong understanding of security concepts, such as secure coding, encryption, and authentication
• Knowledge of industry standards like SOC 2, ISO 27001 and GDPR
• Comprehensive understanding of advanced persistent threats, attacker methodologies, attack lifecycle, and the MITRE framework

Preferred Requirements

• Experience in leading a company-wide security program that encompasses security in Infrastructure, IT, Facilities, Operations, and achieving compliance
• Experience in building secure consumer products at internet scale
• Passion for Quora's mission and goals.

Additional Information

We are accepting applications on an ongoing basis.

Quora offers a wide range of benefits including medical/dental/vision coverage, equity refreshers, remote work reimbursement, paid time off, employee assistance programs, and more. Benefits are country-specific and may vary. For more information on benefits, visit this link: https://www.careers.quora.com/benefits