Staff Security Engineer
at Mozilla Corporation Team: Security Locations: Remote US, Remote Canada Apply Now
To learn the Hiring Ranges for this position, please select your location from the Apply Now dropdown menu.
To learn more about our Hiring Range System, please click this
Why Mozilla?
Mozilla Corporation is the non-profit-backed technology company that has shaped the internet for the better over the last 25 years. We make pioneering brands like Firefox, the privacy-minded web browser. Now, with more than 225 million people around the world using our products each month, we’re shaping the next 25 years of technology and helping to reclaim an internet built for people, not companies. Our work focuses on diverse areas including AI, social media, security and more. And we’re doing this while never losing our focus on our core mission – to make the internet better for people.
The Mozilla Corporation is wholly owned by the non-profit 501(c) Mozilla Foundation. This means we aren’t beholden to any shareholders — only to our mission. Along with thousands of volunteer contributors and collaborators all over the world, Mozillians design, build and distribute open-source software that enables people to enjoy the internet on their terms. About this Team and Role
Mozilla is looking for a staff security engineer to assist with the design and architecture of security controls and risk reduction activities across all Mozilla product, service and support departments. To achieve these you will need:
experience assessing security risks, presenting security topics to technical and nontechnical teams.
Ability to analyze software and system design to identify security vulnerabilities using knowledge of state of the art vulnerabilities and attack techniques.
technical expertise and experience with designing and building tooling to scale and automate processes your influence and impact.
outstanding interpersonal skills to partner with teams across the organization and support them in reducing their risk.
Most importantly, you will assist the team responsible for ensuring the integrity of Mozilla’s enterprise and products and for keeping Mozilla’s users safe, within a company dedicated to building a more secure internet.
What You’ll Do Lead enterprise security control design and architecture across Mozilla SaaS applications and enterprise security tooling
Conduct risk assessments and security reviews for SaaS and custom-developed applications and services
Collaborate with security leadership on security strategy and prioritization of security projects
Coordinate with Security Incident Response Team on incident retrospectives and follow up on security remediation
Security Strategy and Governance
Develop and implement cybersecurity strategies, policies, and frameworks aligned with organizational goals and regulatory requirements.
Conduct periodic corporate risk assessments and recommend measures to address identified vulnerabilities.
Internal Consulting
Act as a subject matter expert for internal teams, providing guidance on securing SaaS applications, infrastructure hardening, and data protection.
Review and approve security controls in project designs and deployments.
Regulatory Compliance
Ensure compliance with Mozilla security standards, such as NIST, GDPR, and other relevant regulations.
Support audits, certifications, and assessments.
Technology Assessment
Evaluate and recommend new security technologies, tools, and methodologies to strengthen the organization's cybersecurity posture.
Collaborate with IT and business units to assess and integrate security solutions.
Training and Awareness
Assist in development or acquisition of training sessions for employees to enhance cybersecurity awareness across the organization.
Provide mentorship to junior cybersecurity staff.
Reporting and Communication
Provide detailed reports and dashboards on the organization's security status to senior leadership.
Communicate complex technical information to non-technical stakeholders effectively.
What You’ll Bring 7+ years of demonstrated ability in a security consulting or architecture role
Practical experience with the following technologies:
Identity and Access Management
Mobile Device / Application Management
Data Loss Prevention
Endpoint Detection and Response
Practical experience securing SaaS applications such as but not limited to: Google Workspace, Box, Slack, Workday, Jira and Confluence)
Experience securing cloud technologies such as Google Cloud, Amazon Web Services and Azure.
Strong written and verbal skills; ability to work effectively with diverse company partners.
Real-world experience in software development and/or engineering operations; B.S. in technology focused fields is helpful.
Competencies Ownership and Accountability
Autonomy
High Level of Integrity
Clear Communication
Creative Problem Solver
Passionate about Security
What you’ll get: Generous performance-based bonus plans to all eligible employees - we share in our success as one team
Rich medical, dental, and vision coverage
Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
Quarterly all-company wellness days where everyone takes a pause together
Country specific holidays plus a day off for your birthday
One-time home office stipend
Annual professional development budget
Quarterly well-being stipend
Considerable paid parental leave
Employee referral bonus program
Other benefits (life/AD&D, disability, EAP, etc. varies by country)
