A lot of companies say they’re “driven by their mission”. Our unique corporate structure guarantees that every decision we make upholds our mission: to make sure the internet stays available, safe, and welcoming to everyone. Beholden to neither shareholders nor investors, Mozilla Corporation is wholly owned by the not-for-profit Mozilla Foundation.

Mozilla is looking for a security engineer to drive a broad set of security initiatives at Mozilla including software design analysis, policy development, TLS standards curation and risk mitigation. To achieve these you will need

• expertise in assessing security risks, presenting security topics to people outside of security, analyzing software and system design to identify security vulnerabilities, policy development.
• knowledge of state of the art vulnerabilities and attack techniques, and a depth of technical expertise with designing and building tooling to scale your influence and impact.
• outstanding interpersonal skills to partner with teams across the organization and support them in reducing their risk.

Most importantly, you will become a critical member of the team responsible for ensuring the integrity of Mozilla’s enterprise and products and for keeping Mozilla’s users safe, within a company dedicated to building a more secure internet.

Responsibilities and Duties

• Perform long form engagements with services and product teams providing product design analysis, infrastructure auditing and participate in the iterative design process in order to identify vulnerabilities, risks and choices that would lead to increased risk down the road early and throughout the product lifecycle.
• Develop reference architectures for common patterns that result in unnecessary risk. Document and communicate these reference architectures to teams and advocate for their adoption to mitigate risk.
• Develop policies and guidelines to make it easier for non-security minded people to understand what to ensure their products do and don’t do. Establish company-wide web security and TLS standards, and, in partnership with operations teams and developers, automated processes to assess and enforce those standards.
• Execute a forward looking risk prevention program that identifies areas of risk that are not well understood and lacking strong ownership, assess the risk, propose a suite of mitigations, and drive the mitigations to completion.
• Overall administration of Mozilla’s bug bounty program.
• Some code review of Javascript and Python as part of security incident post-mortems as well as on focussed critical pieces of software. C++ and Rust a bonus.

Technology-focused Qualifications and Skills

• 3+ years of demonstrated ability in a security engineering role.
• Ability to develop your own tools as needed in a variety of programming languages (eg. Python, Go, Rust, Javascript, etc.)
• Practical experience working with cloud technologies (eg. Amazon Web Services, Google Cloud Platform, Heroku, Microsoft Azure, etc.)
• Superb communication skills; ability to work effectively with diverse company partners.
• Real-world experience in software development and/or engineering operations; B.S. in technology focused fields is helpful.

Competencies

• Ownership and Accountability
• Autonomy
• High Level of Integrity
• Clear Communication
• Creative Problem Solver
• Passionate about Security

About Mozilla

Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.

Commitment to diversity, equity, inclusion, and belonging

Mozilla understands that valuing diverse creative practices and forms of knowledge are crucial to and enrich the company’s core mission. We encourage applications from everyone, including members of all equity-seeking communities, such as (but certainly not limited to) women, racialized and Indigenous persons, persons with disabilities, persons of all sexual orientations, gender identities and expressions.

We will ensure that qualified individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment, as appropriate. Please contact us at [email protected] to request accommodation.

We are an equal opportunity employer. We do not discriminate on the basis of race (including hairstyle and texture), religion (including religious grooming and dress practices), gender, gender identity, gender expression, color, national origin, pregnancy, ancestry, domestic partner status, disability, sexual orientation, age, genetic predisposition, medical condition, marital status, citizenship status, military or veteran status, or any other basis covered by applicable laws. Mozilla will not tolerate discrimination or harassment based on any of these characteristics or any other unlawful behavior, conduct, or purpose.

Group: C

#LI-REMOTE