Staff Security Engineer, Product Security

Mozilla

3 months ago

Remote, Canada +2 more

Staff+

H1B Sponsor

Responsibilities

Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products.
Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC).
Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation.
Perform security code reviews.
Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts.
Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early.
Partner with engineers to integrate security throughout the software development lifecycle.
Help define and enforce security policies and provide security guidance to development teams.
Help shape Mozilla's security culture through collaboration, guidance, and education.

5+ years of relevant hands-on experience in product and application security.
5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment.
Experience in one or more languages like Python, Go, Java, or JavaScript.
Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation.
Strong communication, collaboration, and problem-solving skills.
Real-world experience, curiosity, passion, and a builder’s mindset are valued over formal credentials.

AWSAzureGoGoogle Cloud PlatformJavaJavaScriptPython