Staff Security Engineer - Product Security

To learn the Hiring Ranges for this position please select your location from the Apply Now dropdown menu.

To learn more about our Hiring Range System please click this link.

Why Mozilla?

Mozilla Corporation is the non-profit-backed technology company that has shaped the internet for the better over the last 25 years. We make pioneering brands like Firefox the privacy-minded web browser. Now with more than 225 million people around the world using our products each month we’re shaping the next 25 years of technology and helping to reclaim an internet built for people not companies. Our work focuses on diverse areas including AI social media security and more. And we’re doing this while never losing our focus on our core mission – to make the internet better for people.

The Mozilla Corporation is wholly owned by the non-profit 501(c) Mozilla Foundation. This means we aren’t beholden to any shareholders — only to our mission. Along with thousands of volunteer contributors and collaborators all over the world Mozillians design build and distribute open-source software that enables people to enjoy the internet on their terms.

About this team and role:

At Mozilla we believe the internet is a global public resource—open and accessible to all. As a Staff Security Engineer you'll protect that vision by building breaking and hardening products that put people’s privacy and safety first. We are looking for a security practitioner to reduce risk in applications and ensure our products live up to Mozilla’s dedication to privacy and a joyful Internet. This position is remote-friendly and open to most locations in the US and Canada.

What you’ll do:

• Safeguard millions of users by embedding security into Firefox Mozilla VPN and other mission-critical products.

• Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC).

• Anticipate prioritize and mitigate risks through proactive threat modeling security assessments security testing and automation.

• Perform security code reviews

• Lead penetration testing on web mobile and embedded applications then guide remediation efforts.

• Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early.

• Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought but as a core design principle. Provide security guidance develop secure solutions and facilitate secure releases.

• Help define and enforce security policies and provide security guidance to development teams.

• Help shape Mozilla's security culture through collaboration guidance and education.

This role requires expertise in secure coding practices application security tools (SAST DAST) and a strong understanding of modern architecture cloud environments (AWS Azure GCP) and various programming languages.

You'll get to be deeply hands-on—testing hardening and building systems that protect millions of users every day.

What you’ll bring:

• 5+ years of relevant hands-on experience in product and application security.

• 5+ years of experience and proficiency in secure coding practices application security testing (SAST DAST) threat modeling and vulnerability assessment.

• Experience in one or more languages like Python Go Java or JavaScript required for automation and code review.

• Familiarity with security tools like Burp Suite Nessus and tools for CI/CD automation.

• Strong communication collaboration and problem-solving skills with the ability to influence and guide cross-functional teams.

• Formal credentials are great but real-world experience curiosity passion and a builder’s mindset matter more.

What you’ll get:

• Generous performance-based bonus plans to all eligible employees - we share in our success as one team

• Rich medical dental and vision coverage

• Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)

• Quarterly all-company wellness days where everyone takes a pause together

• Country specific holidays plus a day off for your birthday

• One-time home office stipend

• Annual professional development budget

• Quarterly well-being stipend

• Considerable paid parental leave

• Employee referral bonus program

• Other benefits (life/AD&D disability EAP etc. - varies by country)

About Mozilla

Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.

Commitment to diversity equity inclusion and belonging

Mozilla understands that valuing diverse creative practices and forms of knowledge are crucial to and enrich the company’s core mission.  We encourage applications from everyone including members of all equity-seeking communities such as (but certainly not limited to) women racialized and Indigenous persons persons with disabilities persons of all sexual orientations gender identities and expressions.

We will ensure that qualified individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process to perform essential job functions and to receive other benefits and privileges of employment as appropriate. Please contact us at [email protected] to request accommodation.

We are an equal opportunity employer. We do not discriminate on the basis of race (including hairstyle and texture) religion (including religious grooming and dress practices) gender gender identity gender expression color national origin pregnancy ancestry domestic partner status disability sexual orientation age genetic predisposition medical condition marital status citizenship status military or veteran status or any other basis covered by applicable laws.  Mozilla will not tolerate discrimination or harassment based on any of these characteristics or any other unlawful behavior conduct or purpose.

Group: C

#LI-DNI

Req ID: R2987