Senior Security Engineer

Summary

Join Mozilla's growing Infrastructure Security team as a Senior Security Engineer! You will play a crucial role in protecting Mozilla's services and products from security risks. This hands-on position involves designing, implementing, and maintaining security tooling and systems, collaborating with various teams, and improving overall security posture. You will leverage your expertise in cloud security, vulnerability management, and security automation. The ideal candidate possesses strong infrastructure security knowledge, experience with major cloud stacks, and development skills in Python and Go. Mozilla offers a comprehensive benefits package, including generous performance-based bonuses, rich medical coverage, and considerable paid parental leave.

Requirements

• 3+ years of relevant hands-on experience in a cybersecurity domain designing, publishing and building security practices
• 3+ years of experience translating technical and administrative security controls into actionable platform configurations
• 3+ years of experience in any cybersecurity domain(s)
• Strong infrastructure security knowledge, from high level architectural concepts down to the implementation
• Experience securing large-scale deployments in major cloud stacks (AWS, GCP, or Azure), including automating controls and use of API functions
• Security architecture background and experience, public cloud and on-premise
• Proficiency in using Terraform and Github Actions to automate the deployment and security configuration of infrastructure
• Experience with CNAPP / CSPM / CWPP solutions
• Experience with Web Application Firewalls
• Experience with Container Security (understanding how to secure containerized applications)
• Experience in vulnerability management
• Experience working with DevOps or SRE teams to improve security within CI/CD pipelines
• Development skills primarily in Python and Go. You should feel comfortable operating the services for the code you write and documenting it for others
• Log aggregation and analysis techniques, and you're familiar with the concepts of common SIEM technology such as Splunk
• Experience in ensuring compliance with CIS benchmarks
• Soft skills (patience, communication skills, cross-functional teamwork, remote working)
• Writing documentation and proposals “skills”
• Experience work tracking in JIRA
• Interest in and ability to work with a distributed team (requires good asynchronous written communication skills as well as good verbal communication skills)
• Happy to provide and receive constructive feedback
• Will contribute by asking questions and proposing new ideas
• A love of working with others collaboratively

Responsibilities

• Protect the services our products like Firefox, Pocket, etc depend on from security risks and attacks
• Design, implement, and maintain tooling, systems and processes for securing our cloud infrastructure
• Design, review and improve the security controls of the organization
• Write, maintain, and expand security automation and monitoring tools
• Work with developers and operations across the organization to keep infrastructure safe
• Work with cross functional teams, building relationships and fostering collaboration to reach shared goals
• Continually work to improve Mozilla’s security posture by partnering and supporting other parts of the cybersecurity organization as well as contributing to improving security practices and procedures
• Help to level-up the skills of your fellow engineers through security reviews, giving talks and presentations, and/or writing documentation
• Work with driven, committed team members to bring the open web to people around the world

Preferred Qualifications

A B.S. in Computer Science or relevant certifications

Benefits

• Generous performance-based bonus plans to all eligible employees - we share in our success as one team
• Rich medical, dental, and vision coverage
• Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
• Quarterly all-company wellness days where everyone takes a pause together
• Country specific holidays plus a day off for your birthday
• One-time home office stipend
• Annual professional development budget
• Quarterly well-being stipend
• Considerable paid parental leave
• Employee referral bonus program
• Other benefits (life/AD&D, disability, EAP, etc. - varies by country)