Staff Security Engineer, Product Security

MozillaMozilla·Remote
Software Development

WFA Digital Insight

The demand for skilled security professionals has skyrocketed, with a 25% increase in job postings over the last year. As a leader in digital privacy, Mozilla is at the forefront of this movement. With millions of users relying on their products, the company needs experts who can embed security into every aspect of their software development lifecycle. If you're a seasoned security engineer looking to make a real difference, this role is an exciting opportunity to join a team that's shaping the future of the internet. Before applying, consider thatMozilla values collaboration, innovation, and a passion for user privacy.

Job Description

About the Role

As a Staff Security Engineer at Mozilla, you'll be part of a team that's dedicated to protecting users' privacy and safety. Your day-to-day work will involve embedding security into every stage of the software development lifecycle, from design to deployment. You'll work closely with cross-functional teams to identify and mitigate risks, ensuring that Mozilla's products meet the highest security standards.

The role is remote-friendly, open to candidates in the US and Canada, and offers the chance to work on a range of mission-critical products, including Firefox and Mozilla VPN. As a security expert, you'll have the opportunity to make a real impact on the company's security culture and help shape the future of the internet.

Mozilla's security team is committed to collaboration, innovation, and a passion for user privacy. If you're a seasoned security engineer looking for a new challenge, this role could be the perfect fit.

What You Will Do

  • Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products
  • Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC)
  • Anticipate, prioritize, and mitigate risks through proactive threat modeling, security assessments, security testing, and automation
  • Perform security code reviews to identify vulnerabilities and provide recommendations for improvement
  • Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts
  • Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early
  • Partner with engineers to integrate security throughout the software development lifecycle
  • Help define and enforce security policies and provide security guidance to development teams
  • Help shape Mozilla's security culture through collaboration, guidance, and education

What We Are Looking For

  • 5+ years of experience in security engineering or a related field
  • Strong understanding of security principles, including threat modeling, risk assessment, and mitigation
  • Experience with security testing, code reviews, and penetration testing
  • Knowledge of CI/CD pipelines and automated security testing
  • Strong communication and collaboration skills, with the ability to work with cross-functional teams
  • Experience with Agile development methodologies and version control systems (e.g., Git)
  • Strong problem-solving skills, with the ability to analyze complex security issues and develop effective solutions
  • Passion for user privacy and a commitment to making the internet a safer, more secure place

Nice to Have

  • Experience with cloud-based security solutions (e.g., AWS, Azure, Google Cloud)
  • Knowledge of containerization and orchestration technologies (e.g., Docker, Kubernetes)
  • Familiarity with security frameworks and standards (e.g., NIST, OWASP)
  • Experience with bug bounty programs and vulnerability disclosure

Benefits and Perks

  • Competitive salary and benefits package
  • Opportunity to work on a range of mission-critical products that make a real difference in users' lives
  • Collaborative, dynamic work environment with a team of experienced security professionals
  • Flexible, remote-friendly work arrangement with opportunities for professional growth and development
  • Access to cutting-edge security tools and technologies
  • Generous PTO and holiday package, with a commitment to work-life balance
  • Comprehensive health insurance and retirement savings plan
  • Opportunities for professional development and continuing education, including conference attendance and training programs

How to Stand Out

  • Make sure your resume and cover letter are tailored to the security engineering role, highlighting your relevant experience and skills.
  • Be prepared to talk about your experience with security testing, code reviews, and penetration testing, and how you've applied these skills in previous roles.
  • Show a passion for user privacy and a commitment to making the internet a safer, more secure place.
  • Be ready to discuss your knowledge of security frameworks and standards, such as NIST and OWASP.
  • Consider creating a portfolio or GitHub repository to showcase your security projects and demonstrate your skills to potential employers.
  • Don't be afraid to ask about the company culture and values during the interview process, and be prepared to talk about how you'll contribute to Mozilla's security culture.
  • Be prepared to negotiate your salary and benefits package, and don't be afraid to ask about opportunities for professional growth and development.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere. Browse more remote jobs across all categories.