Staff Security Engineer

MozillaMozilla·Remote
Software Development

WFA Digital Insight

The demand for skilled security professionals has grown significantly, with a focus on remote work and digital skills. Mozilla stands out as a pioneer in shaping the internet for the better, and this role offers the chance to be part of a team dedicated to building a more secure internet. With the global threat landscape evolving, companies like Mozilla are seeking experts who can respond quickly and effectively to security incidents, making this a highly sought-after skill set. As a leader in the tech industry, Mozilla's commitment to a more secure internet aligns with the growing need for online safety, with over 225 million people using their products each month.

Job Description

About the Role

As a Staff Security Engineer at Mozilla, you will be a critical member of the team responsible for ensuring the integrity of Mozilla's products and keeping users safe. This role entails identifying and responding to security incidents on a global scale, acting as an incident commander, and driving incidents through the entire response lifecycle. You will be working closely with diverse stakeholders to maintain a continuously improving feedback loop of preparation, identification, analysis, containment, and post-mortem activities.

The team you will be joining is focused on handling security incidents and is part of a larger effort to build a more secure internet. Your work will have a direct impact on the security of Mozilla's products and services, used by millions worldwide. Mozilla's mission-driven approach means that your work will not only be challenging but also contribute to a better internet for all.

Mozilla's products, such as Firefox, have been pioneering in the field of privacy and security, and this role is key to continuing that legacy. The company's commitment to open-source software and community involvement also offers a unique environment for collaboration and innovation.

What You Will Do

  • Identify and respond to security incidents on a global scale, utilizing your expertise in threat intelligence and incident response.
  • Act as an incident commander to drive incidents through the entire response lifecycle, ensuring effective communication and collaboration with stakeholders.
  • Design and maintain a portfolio of security alerts, automated actions, playbooks, and escalation workflows to support a high-performing 24/7 incident response capability.
  • Conduct threat hunting activities to anticipate future threats and develop forward-thinking strategies for combating sophisticated threat actors.
  • Research threat intelligence reports, triage, and manage resulting workflows to ensure timely and effective response to emerging threats.
  • Partner with key stakeholders to communicate effectively and maintain a continuously improving feedback loop of preparation, identification, analysis, containment, and post-mortem activities.
  • Participate in on-call rotation to ensure 24/7 coverage for security incidents.
  • Collaborate with the development team to ensure security is integrated into the product development lifecycle.
  • Stay up-to-date with the latest security trends, technologies, and methodologies to continuously improve Mozilla's security posture.

What We Are Looking For

  • Years of practical security experience, with a strong background in incident response and threat intelligence.
  • Knowledge of the state of the art for detecting and responding to attacks, including experience with security alerts, playbooks, and escalation workflows.
  • Outstanding communication and collaboration skills, with the ability to work in partnership with diverse stakeholders.
  • Experience in designing and maintaining security systems, including automated actions and workflows.
  • Strong analytical and problem-solving skills, with the ability to analyze complex security issues and develop effective solutions.
  • Experience working in a fast-paced, dynamic environment, with the ability to adapt to changing priorities and threats.
  • Strong understanding of security principles, including confidentiality, integrity, and availability.

Nice to Have

  • Experience with open-source software development and community involvement.
  • Knowledge of cloud security, including AWS, Azure, or Google Cloud.
  • Experience with containerization technologies, such as Docker.
  • Familiarity with agile development methodologies and version control systems, such as Git.

Benefits and Perks

  • The opportunity to work on a product that millions of people use every day.
  • A competitive salary and benefits package.
  • The chance to work with a talented team of professionals who are passionate about building a better internet.
  • Flexible working hours and remote work options.
  • Professional development opportunities, including training and conference attendance.
  • Access to the latest technologies and tools.
  • A fun and dynamic work environment.

How to Stand Out

  • When applying, make sure to highlight your experience in incident response and threat intelligence, and be prepared to provide specific examples of your work.
  • Showcase your ability to communicate complex security issues effectively to both technical and non-technical stakeholders.
  • Demonstrate your knowledge of security principles and your ability to apply them in real-world scenarios.
  • Be prepared to discuss your experience with security tools and technologies, and how you stay up-to-date with the latest security trends.
  • Consider creating a portfolio that showcases your security projects and accomplishments, and be prepared to walk the interviewer through your thought process and decision-making.
  • Don't be afraid to ask questions during the interview, such as what a typical day looks like in the role, or what opportunities there are for professional development and growth.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere. Browse more remote jobs across all categories.