Staff Security Engineer – Product Security


2 days ago


Mozilla

B2C • Cybersecurity • Software

Mozilla is a non-profit organization dedicated to promoting an open and accessible internet. They are the makers of the popular Firefox browser, which emphasizes user privacy, speed, and control. Mozilla also offers a range of products that focus on internet security and privacy, including Mozilla VPN, Firefox Relay, and Mozilla Monitor. Additionally, the organization is involved in open-source projects, AI innovation, and advocating for digital rights. Mozilla aims to empower users with trustworthy technology and policies that protect privacy, support open-source AI development, and foster accountability for tech companies.

501 - 1000 employees

Founded 1998


📋 Description

• Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products.
• Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC).
• Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation.
• Perform security code reviews.
• Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts.
• Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early.
• Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases.
• Help define and enforce security policies and provide security guidance to development teams.
• Help shape Mozilla's security culture through collaboration, guidance, and education.

🎯 Requirements

• 5+ years of relevant hands-on experience in product and application security.
• 5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment.
• Experience in one or more languages like Python, Go, Java, or JavaScript, required for automation and code review.
• Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation.
• Strong communication, collaboration, and problem-solving skills, with the ability to influence and guide cross-functional teams.
• Formal credentials are great, but real-world experience, curiosity, passion and a builder’s mindset matter more.

🏖️ Benefits

• Generous performance-based bonus plans to all eligible employees - we share in our success as one team
• Rich medical, dental, and vision coverage
• Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
• Quarterly all-company wellness days where everyone takes a pause together
• Country specific holidays plus a day off for your birthday
• One-time home office stipend
• Annual professional development budget
• Quarterly well-being stipend
• Considerable paid parental leave
• Employee referral bonus program
• Other benefits (life/AD&D, disability, EAP, etc. - varies by country)
