A lot of companies say they’re “driven by their mission”. Our unique corporate structure guarantees that every decision we make upholds our mission: to make sure the internet stays available, safe, and welcoming to everyone. Beholden to neither shareholders nor investors, Mozilla Corporation is wholly owned by the not-for-profit Mozilla Foundation.
Mozilla is looking for a senior security engineer to lead security testing for Mozilla’s products and enterprise. In this position, you will curate Mozilla’s roadmap for the security testing of our most critical assets. As such, you’ll need years of practical experience delivering security assessments, knowledge of state of the art vulnerabilities and attack techniques, and a depth of technical expertise with designing and building tooling to scale your influence and impact. You’ll also need to have outstanding interpersonal skills to partner with teams across the organization and support them in reducing their risk. Most importantly, you will become a critical member of the team responsible for ensuring the integrity of Mozilla’s enterprise and products and for keeping Mozilla’s users safe, within a company dedicated to building a more secure internet.
Responsibilities and Duties
- Serve as the primary responsible individual at Mozilla for the successful execution of offensive security exercises (eg. pentest and red team) to advance the security posture of products and the enterprise.
- Develop and maintain toolsets, processes, and procedures that serve to detect security vulnerabilities, evaluate risk, and communicate test results to target audiences.
- Partner with product and infrastructure owners throughout the organization to functionally support continuous security improvement efforts, risk assessment, and purple team activities.
- Participate as an advisory board member and domain specialist to Mozilla’s bug bounty program.
Technology-focused Qualifications and Skills
- 3+ years of demonstrated ability in an offensive security role and/or equivalent experience working in application security, network security, vulnerability research, security scanner development, consulting.
- Expertise with security assessment and exploitation tools (eg. ZAP, Burp, Metasploit)
- Practical experience working with cloud technologies (eg. Amazon Web Services, Google Cloud Platform, Heroku, Microsoft Azure, etc.)
- Superb communication and leadership capacity; ability to work effectively with diverse company partners.
- Real-world experience in software development and/or engineering operations; B.S. in technology focused fields is helpful.
- Ownership and Accountability
- High Level of Integrity
- Clear Communication
- Creative Problem Solver
- Passionate about Security
Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.
We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race (including hairstyle and texture), religion (including religious grooming and dress practices), gender, gender identity, gender expression, color, national origin, pregnancy, ancestry, domestic partner status, disability, sexual orientation, age, genetic predisposition, medical condition, marital status, citizenship status, military or veteran status, or any other basis covered by applicable laws.