Staff Security Engineer, Product Security

Why Mozilla?

Mozilla Corporation is the non-profit-backed technology company that has shaped the internet for the better over the last 25 years. We make pioneering brands like Firefox, the privacy-minded web browser. Now, with more than 225 million people around the world using our products each month, we’re shaping the next 25 years of technology and helping to reclaim an internet built for people, not companies. Our work focuses on diverse areas including AI, social media, security and more. And we’re doing this while never losing our focus on our core mission – to make the internet better for people. 

The Mozilla Corporation is wholly owned by the non-profit 501(c) Mozilla Foundation. This means we aren’t beholden to any shareholders — only to our mission. Along with thousands of volunteer contributors and collaborators all over the world, Mozillians design, build and distribute open-source software that enables people to enjoy the internet on their terms. 

About this team and role:

At Mozilla, we believe the internet is a global public resource—open and accessible to all. As a Staff Security Engineer, you'll protect that vision by building, breaking, and hardening products that put people’s privacy and safety first. We are looking for a security practitioner to reduce risk in applications, and ensure our products live up to Mozilla’s dedication to privacy and a joyful Internet. This position is remote-friendly and open to most locations in the US and Canada. 

What you’ll do:

• Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products.
• Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC). 
• Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation.
• Perform security code reviews 
• Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts. 
• Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early. 
• Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases. 
• Help define and enforce security policies and provide security guidance to development teams. 
• Help shape Mozilla's security culture through collaboration, guidance, and education.

This role requires expertise in secure coding practices, application security tools (SAST, DAST), and a strong understanding of modern architecture, cloud environments (AWS, Azure, GCP), and various programming languages.

You'll get to be deeply hands-on—testing, hardening, and building systems that protect millions of users every day. 

What you’ll bring:

• 5+ years of relevant hands-on experience in product and application security.
• 5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment.
• Experience in one or more languages like Python, Go, Java, or JavaScript, required for automation and code review. 
• Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation. 
• Strong communication, collaboration, and problem-solving skills, with the ability to influence and guide cross-functional teams.
• Formal credentials are great, but real-world experience, curiosity, passion and a builder’s mindset matter more.

What you’ll get:

• Generous performance-based bonus plans to all eligible employees - we share in our success as one team
• Rich medical, dental, and vision coverage
• Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
• Quarterly all-company wellness days where everyone takes a pause together
• Country specific holidays plus a day off for your birthday
• One-time home office stipend
• Annual professional development budget
• Quarterly well-being stipend
• Considerable paid parental leave
• Employee referral bonus program
• Other benefits (life/AD&D, disability, EAP, etc. - varies by country)

About Mozilla 

Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.

Commitment to diversity, equity, inclusion, and belonging

Mozilla understands that valuing diverse creative practices and forms of knowledge are crucial to and enrich the company’s core mission.  We encourage applications from everyone, including members of all equity-seeking communities, such as (but certainly not limited to) women, racialized and Indigenous persons, persons with disabilities, persons of all sexual orientations, gender identities, and expressions.

We will ensure that qualified individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment, as appropriate. Please contact us at [email protected] to request accommodation.

We are an equal opportunity employer. We do not discriminate on the basis of race (including hairstyle and texture), religion (including religious grooming and dress practices), gender, gender identity, gender expression, color, national origin, pregnancy, ancestry, domestic partner status, disability, sexual orientation, age, genetic predisposition, medical condition, marital status, citizenship status, military or veteran status, or any other basis covered by applicable laws.  Mozilla will not tolerate discrimination or harassment based on any of these characteristics or any other unlawful behavior, conduct, or purpose.

Group: C

#LI-REMOTE

Req ID: R2987