Feel good about your work again

Join us.


Sr. Security Engineer-Offensive Security


Team:
Trust & Security
Locations:
Atlanta, Denver, Philadelphia, Portland, Raleigh, Remote Canada, San Antonio, Toronto, Vancouver

A lot of companies say they’re “driven by their mission”. Our unique corporate structure guarantees that every decision we make upholds our mission: to make sure the internet stays available, safe, and welcoming to everyone. Beholden to neither shareholders nor investors, Mozilla Corporation is wholly owned by the not-for-profit Mozilla Foundation.

Mozilla is looking for a senior security engineer to lead security testing for Mozilla’s products and enterprise. In this position, you will curate Mozilla’s roadmap for the security testing of our most critical assets. As such, you’ll need years of practical experience delivering security assessments, knowledge of state of the art vulnerabilities and attack techniques, and a depth of technical expertise with designing and building tooling to scale your influence and impact. You’ll also need to have outstanding interpersonal skills to partner with teams across the organization and support them in reducing their risk. Most importantly, you will become a critical member of the team responsible for ensuring the integrity of Mozilla’s enterprise and products and for keeping Mozilla’s users safe, within a company dedicated to building a more secure internet.

Responsibilities and Duties

  • Serve as the primary responsible individual at Mozilla for the successful execution of offensive security exercises (eg. pentest and red team) to advance the security posture of products and the enterprise.
  • Develop and maintain toolsets, processes, and procedures that serve to detect security vulnerabilities, evaluate risk, and communicate test results to target audiences.
  • Partner with product and infrastructure owners throughout the organization to functionally support continuous security improvement efforts, risk assessment, and purple team activities.
  • Participate as an advisory board member and domain specialist to Mozilla’s bug bounty program.

Technology-focused Qualifications and Skills

  • 3+ years of demonstrated ability in an offensive security role and/or equivalent experience working in application security, network security, vulnerability research, security scanner development, consulting.
  • Expertise with security assessment and exploitation tools (eg. ZAP, Burp, Metasploit)
  • Ability to develop your own tools as needed in a variety of programming languages (eg. Python, Go, Rust, Javascript, etc.)
  • Practical experience working with cloud technologies (eg. Amazon Web Services, Google Cloud Platform, Heroku, Microsoft Azure, etc.)
  • Superb communication and leadership capacity; ability to work effectively with diverse company partners.
  • Real-world experience in software development and/or engineering operations; B.S. in technology focused fields is helpful.

Competencies

  • Ownership and Accountability
  • Autonomy
  • High Level of Integrity
  • Clear Communication
  • Creative Problem Solver
  • Passionate about Security

About Mozilla

Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.

We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race (including hairstyle and texture), religion (including religious grooming and dress practices), gender, gender identity, gender expression, color, national origin, pregnancy, ancestry, domestic partner status, disability, sexual orientation, age, genetic predisposition, medical condition, marital status, citizenship status, military or veteran status, or any other basis covered by applicable laws.

Group: D

#LI-RC1


Why Mozilla?

At Mozilla, we’re serving humanity—by maintaining a safe, open internet—while also helping the individual humans employed here to reach their personal and professional goals. With a relatively small team serving hundreds of millions of people, a culture of exploration, and a commitment to mentorship, opportunities abound to learn and grow at Mozilla.


Our values drive our actions

  • Purpose is built into our work, with our mission driving every decision
  • We challenge assumptions, the status quo, ourselves, and each other
  • We are transparent: in our code, our business partnerships, and our everyday interactions
  • We seek out people from diverse backgrounds and with perspectives different from our own
  • We pair purpose with performance and put people ahead of profit

Our impact is global

  • 700+ paid staff from over 30 countries
  • Thousands of volunteer contributors across six continents
  • 9 global offices: Mountain View, San Francisco, Portland, Vancouver, Toronto, Paris, London, Berlin, and Beijing
  • Hundreds of home offices globally

Our benefits are world-class

  • Flexible work environment (nearly half of Mozillians work remotely)
  • Industry-leading paid parental leave (up to 26 weeks of fully paid leave for childbearing parents and up to 12 weeks for non-childbearing parents)
  • Reimbursement for professional development (up to $3,000/year)
  • A work setup including the latest hardware and software of your choice