Senior Security Engineer

Mozilla’s Infrastructure Security team is growing! We are looking for security practitioners to reduce risk in our systems and applications, and ensure our products live up to Mozilla’s dedication to privacy and a joyful Internet. This position is remote-friendly and open to most locations in the US and Canada.

Why Mozilla?

Mozilla Corporation is the non-profit-backed technology company behind pioneering brands like Firefox, the privacy-minded web browser, and Pocket, the content discovery platform. More than 270 million people around the world use its products each month.

Along with 20,000+ volunteer contributors and collaborators all over the world, Mozilla Corporation’s staff are driven by our vision to be the trusted guide through a joyful internet. We design, build and distribute software that enables people to enjoy the internet on their terms.

Working closely with partners across IT, Site Reliability Engineering (SRE), along with other departments across Mozilla, the Security Engineer ensures that systems and services are secured through the implementation of technical and administrative security controls.

As a Security Engineer at Mozilla, you will…

• Protect the services our products like Firefox, Mozilla VPN, Pocket, etc depend on from attacks and abuses
• Design, build and deploy security frameworks such as cloud security, intrusion detection, vulnerability and patch management, application security services, system hardening, etc.
• Design, review and improve the security controls of the organization
• Write, maintain, and expand security automation and monitoring tools
• Work with developers and operations across the organization to keep infrastructure safe
• Translate technical and administrative security controls into platform security standards.
• Define, refine, publish and evangelize the resulting cost effective security standards, ensuring accurate translation into platform configurations.
• Continually work to improve Mozilla’s security posture by partnering and supporting other parts of the cybersecurity organization.

Successful candidates will have meaningful experience in one or more areas like GCP/AWS/Azure cloud security techniques, data security methodologies, vulnerability management and have extensive experience with security in all varieties of infrastructure.

You will be hardening and guiding recommendations for Mozilla’s systems and networks, infrastructure, application security services, and company assets, while ensuring the mission of privacy and security is upheld at all times. This is a hands-on role, and you will collaborate with other teams to guide proper security practices throughout the company.

Your Professional Profile:

• 3+ years of relevant hands-on experience in a cybersecurity domain designing, publishing and building security practices.
• 3+ years of experience translating technical and administrative security controls into actionable platform configurations.
• 3+ years of experience managing cybersecurity lifecycle management.
• 3+ years of experience in any cybersecurity domain(s).

You will need:

• Strong infrastructure security knowledge, from high level architectural concepts down to the implementation.
• Security architecture background and experience, public cloud and on-premise.
• Cloud Architecture background
• Experience with Terraform
• Experience securing large-scale deployments in major cloud stacks (AWS, GCP, or Azure), including automating controls and use of API functions.
• A significant role in the operation of vulnerability management 
• Development skills primarily in Python and Go. You should feel comfortable operating the services for the code you write and documenting it for others.
• Log aggregation and analysis techniques, and you're familiar with the concepts of common SIEM technology such as Splunk.
• A B.S. in Computer Science or relevant certifications would be lovely, but passion, curiosity, and real-world experience are preferred.
• Experience in ensuring compliance with CIS benchmarks

About Mozilla 

Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.

Commitment to diversity, equity, inclusion, and belonging

Mozilla understands that valuing diverse creative practices and forms of knowledge are crucial to and enrich the company’s core mission.  We encourage applications from everyone, including members of all equity-seeking communities, such as (but certainly not limited to) women, racialized and Indigenous persons, persons with disabilities, persons of all sexual orientations, gender identities, and expressions.

We will ensure that qualified individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment, as appropriate. Please contact us at hiringaccommodation@mozilla.com to request accommodation.

We are an equal opportunity employer. We do not discriminate on the basis of race (including hairstyle and texture), religion (including religious grooming and dress practices), gender, gender identity, gender expression, color, national origin, pregnancy, ancestry, domestic partner status, disability, sexual orientation, age, genetic predisposition, medical condition, marital status, citizenship status, military or veteran status, or any other basis covered by applicable laws.  Mozilla will not tolerate discrimination or harassment based on any of these characteristics or any other unlawful behavior, conduct, or purpose.

Group: D

#LI-REMOTE

Req ID: R2307