Mobile Security Engineer
Home-based in multiple countries or in one of our global offices
We're looking for a top-notch security engineer with a specialty in mobile and application security. In this role you will work directly on Mozilla’s FirefoxOS (Boot2Gecko) project to ensure the ongoing security of the platform and users. In this role you will analyze and assess the security of the FirefoxOS (Boot2Gecko) architecture and core applications. In addition you'll monitor current mobile and web attack trends to ensure our technologies are resilient to emerging attack techniques. This role is an exciting blend of hands-on technical security and bigger picture thinking to ensure our systems integrate effective security controls in a constantly evolving technology landscape.
Responsibilities:
* Security threat modeling of new features and architectural changes
* Code review, threat modeling and design analysis of FirefoxOS (Boot2Gecko) Architecture, Web APIs and Gaia applications
* Penetration testing and code review of high risk features and components
* Documentation of security risks, interaction with developers, and continued focus to ensure security vulnerabilities are fixed
* Continued security research into top threats for platform and technology
* Coordination with security fuzzing experts to identify key areas for fuzzing focus
* Inbound triage and response to security vulnerabilities
* Documentation and publication of security advisories
Requirements:
* BS in Computer Science or equivalent experience
* Solid understanding of web application attack vectors and countermeasures
* Experience working on a mobile security assessments or mobile platform analysis
* Experience assessing the risk of applications including traditional server side web applications and thick client mobile applications
* Experience with security code review, threat modeling, architectural analysis and risk assessments for web based systems
* Demonstrated experience with finding common web application security issues (XSS, CSRF, session fixation, SQL injection, information leakage, etc.)
* Solid understanding of Android and iOS security models
* Mobile OS experience is a plus
* Strong Linux/Unix background with scripting abilities
* Participation in and contributions to Open Source projects
Mozilla is a global organization, and most roles are available for remote work, but if you are near one of our offices, we're happy to provide you with a desk and the company of talented peers.
Possible locations for this position are remote or in-office in Canada, the U.K., France, New Zealand, or the U.S., or remote in Australia, Denmark, Germany, the Netherlands, Poland, or Sweden.
Responsibilities:
* Security threat modeling of new features and architectural changes
* Code review, threat modeling and design analysis of FirefoxOS (Boot2Gecko) Architecture, Web APIs and Gaia applications
* Penetration testing and code review of high risk features and components
* Documentation of security risks, interaction with developers, and continued focus to ensure security vulnerabilities are fixed
* Continued security research into top threats for platform and technology
* Coordination with security fuzzing experts to identify key areas for fuzzing focus
* Inbound triage and response to security vulnerabilities
* Documentation and publication of security advisories
Requirements:
* BS in Computer Science or equivalent experience
* Solid understanding of web application attack vectors and countermeasures
* Experience working on a mobile security assessments or mobile platform analysis
* Experience assessing the risk of applications including traditional server side web applications and thick client mobile applications
* Experience with security code review, threat modeling, architectural analysis and risk assessments for web based systems
* Demonstrated experience with finding common web application security issues (XSS, CSRF, session fixation, SQL injection, information leakage, etc.)
* Solid understanding of Android and iOS security models
* Mobile OS experience is a plus
* Strong Linux/Unix background with scripting abilities
* Participation in and contributions to Open Source projects
Mozilla is a global organization, and most roles are available for remote work, but if you are near one of our offices, we're happy to provide you with a desk and the company of talented peers.
Possible locations for this position are remote or in-office in Canada, the U.K., France, New Zealand, or the U.S., or remote in Australia, Denmark, Germany, the Netherlands, Poland, or Sweden.
- Team:
- Security
Security: Open Positions
Why Mozilla?
Mozilla is a thriving community of intelligent, principled and passionate individuals who build software to preserve choice, openness, and innovation on the Internet. We work in the open on hard problems to ensure that the future of the Web is not dominated by large corporate interests, but driven by the idea that individual users should always be in control or their online lives. Join us!
We Are Global
- 500+ paid staff from over 30 countries and 25 US states
- Thousands of active contributors across six continents
- Nine principal offices: Mt. View, San Francisco, Vancouver, Toronto, Auckland, Paris, London, Beijing, Taipei
- Hundreds of home offices around the world
And so are our benefits...
- Competitive pay
- Great health coverage
- Travel and conference budgets
- Ability to work using the latest hardware and software of your choice
- Dozens of technical brownbags and invited speakers each month
Because we love what we do!
- We take bold technical leaps
- We code in the open and we ship in the open
- We directly impact over 450 Million users
- We build technology for the benefit of the Web's users and creators
- We work in a culture defined by principles over profits