Senior Security Engineer

Job description

A lot of companies say they’re “driven by their mission”. Our unique corporate structure guarantees that every decision we make upholds our mission: to make sure the internet stays available, safe, and welcoming to everyone. Beholden to neither shareholders nor investors, Mozilla Corporation is wholly owned by the not-for-profit Mozilla Foundation.

Mozilla is looking for a security engineer to drive a broad set of security initiatives at Mozilla, including software design analysis, policy development, TLS standards curation and risk mitigation. To achieve these you will need:

  • expertise in assessing security risks, presenting security topics to people outside of security, analyzing software and system design to identify security vulnerabilities, and policy development.
  • knowledge of state-of-the-art vulnerabilities and attack techniques, and a depth of technical expertise with designing and building tooling to scale your influence and impact.
  • outstanding interpersonal skills to partner with teams across the organization and support them in reducing their risk.

Most importantly, you will become a critical member of the team responsible for ensuring the integrity of Mozilla’s enterprise and products and for keeping Mozilla’s users safe, within a company dedicated to building a more secure internet.

Responsibilities and Duties

  • Perform long-form engagements with services and product teams, providing product design analysis and infrastructure auditing, and participate in the iterative design process in order to identify vulnerabilities, risks and choices that would lead to increased risk down the road, early and throughout the product lifecycle.
  • Develop reference architectures for common patterns that result in unnecessary risk. Document and communicate these reference architectures to teams and advocate for their adoption to mitigate risk.
  • Develop policies and guidelines that make it easier for non-security-minded people to understand what their products should and should not do. Establish company-wide web security and TLS standards and, in partnership with operations teams and developers, automated processes to assess and enforce those standards.
  • Execute a forward-looking risk prevention program that identifies areas of risk that are not well understood and lack strong ownership, assesses the risk, proposes a suite of mitigations, and drives the mitigations to completion.
  • Overall administration of Mozilla’s bug bounty program.
  • Some code review of JavaScript and Python as part of security incident post-mortems as well as on focused critical pieces of software. C++ and Rust are a bonus.

Technology-focused Qualifications and Skills

  • 3+ years of demonstrated ability in a security engineering role.
  • Ability to develop your own tools as needed in a variety of programming languages (e.g. Python, Go, Rust, JavaScript, etc.)
  • Practical experience working with cloud technologies (e.g. Amazon Web Services, Google Cloud Platform, Heroku, Microsoft Azure, etc.)
  • Superb communication skills; ability to work effectively with diverse company partners.
  • Real-world experience in software development and/or engineering operations; a B.S. in a technology-focused field is helpful.


  • Ownership and Accountability
  • Autonomy
  • High Level of Integrity
  • Clear Communication
  • Creative Problem Solver
  • Passionate about Security

Developer of Internet-related applications such as the Firefox browser