Mozilla is looking for a Security Researcher to join the hunt for security bugs in our desktop and mobile browsers. As part of the Firefox Security Testing team, you will audit new features for security flaws, guide engineering efforts through security research and develop tooling and automation to eradicate classes of security bugs in the Firefox codebase. If you’re passionate about security research and you want to be part of an elite team fighting to protect users and a free and open web, we want to hear from you!
As a Security Researcher at Mozilla, you will…
- Hunt for vulnerabilities in Firefox desktop and mobile browsers
- Perform security testing/code review of new features to identify security flaws
- Analyse security flaws to identify root cause/systemic issues and potential mitigations
- Develop tools (e.g static analysis, instrumentation, testing frameworks) to scale assurance and eradicate security bug classes
- Perform security research to guide development practices for engineering teams and inform the development of future security
- Work closely with our Fuzzing team to improve our fuzzing techniques, gain coverage of new features and investigate potential security issues
- Experience in security auditing, code review and security testing
- Proficient in finding and analysing security flaws in native code - i.e. through code auditing, debugging, code instrumentation etc
- Sufficient C++ experience to audit for security flaws, and understand approaches to mitigate common issues
- Deep understanding of browser & web security models
Things that would help you stand out:
- Track record of finding security bugs in dynamic architectural targets (web, cryptography, mobile, network) and/or participating in CTFs
- Familiarity with browser internals such as JS Engines, CSS, Graphics, Extensions, network protocols etc
- Low-level systems programming experience (especially C++, but also C and/or Rust a bonus)
- Strong OS security knowledge (Windows, OSX and Linux), especially familiarity with sandboxing and other vulnerability mitigation techniques
- Disassembly/reversing skills
- Static Analysis experience
Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.
We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.