Staff Security Engineer, Product Security

About the Role

The security team at Mozilla is dedicated to building, breaking, and hardening products to protect millions of users worldwide. As a Staff Security Engineer, you will work closely with development teams to integrate security throughout the software development lifecycle, providing security guidance, developing secure solutions, and facilitating secure releases.

What You Will Do

• Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products.
• Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC).
• Anticipate, prioritize, and mitigate risks through proactive threat modeling, security assessments, security testing, and automation.
• Perform security code reviews to identify vulnerabilities and guide remediation efforts.
• Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts.
• Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early.
• Partner with engineers to integrate security throughout the software development lifecycle.
• Help define and enforce security policies and provide security guidance to development teams.
• Help shape Mozilla's security culture through collaboration, guidance, and education.

What We Are Looking For

• Expertise in secure coding practices, application security tools (SAST, DAST), and a strong understanding of modern architecture, cloud environments (AWS, Azure, GCP), and various programming languages.
• Experience in security code reviews, penetration testing, and security assessments.
• Strong understanding of security principles, including threat modeling, risk management, and secure design patterns.
• Experience working with development teams to integrate security into the software development lifecycle.
• Excellent communication and collaboration skills, with the ability to guide remediation efforts and provide security guidance to development teams.
• Experience with automated security testing and CI/CD pipelines.
• Strong problem-solving skills, with the ability to analyze complex security issues and develop effective solutions.

Nice to Have

• Experience with cloud security, containerization, and serverless architecture.
• Familiarity with agile development methodologies and DevOps practices.
• Experience with security orchestration, automation, and response (SOAR) tools.
• Certification in security, such as CISSP, CEH, or OSCP.

Benefits and Perks

• Competitive salary and benefits package.
• Opportunity to work on high-impact projects that protect millions of users worldwide.
• Collaborative and dynamic work environment with a team of experienced security professionals.
• Flexible working hours and remote work options.
• Professional development opportunities, including training and conference attendance.
• Access to the latest security tools and technologies.

• When applying for this role, be sure to highlight your experience with secure coding practices, application security tools, and cloud environments.
• Showcase your ability to collaborate with development teams and provide security guidance.
• Be prepared to discuss your approach to threat modeling, risk management, and secure design patterns.
• Familiarize yourself with Mozilla's products and security culture to demonstrate your passion for the company's mission.
• Consider including examples of your experience with automated security testing and CI/CD pipelines in your application.
• Be prepared to discuss your experience with security code reviews, penetration testing, and security assessments during the interview process.