Staff Security Engineer

Summary

Join Mozilla, a non-profit-backed technology company, as a Staff Security Engineer. Lead enterprise security control design and architecture across Mozilla SaaS applications and enterprise security tooling. Conduct risk assessments and security reviews for SaaS and custom-developed applications and services. Collaborate with security leadership on security strategy and prioritization of security projects. Coordinate with the Security Incident Response Team on incident retrospectives and follow up on security remediation. Ensure compliance with Mozilla security standards and relevant regulations. Evaluate and recommend new security technologies and methodologies. Assist in developing training sessions for employees to enhance cybersecurity awareness.

Requirements

• 7+ years of demonstrated ability in a security consulting or architecture role
• Practical experience with the following technologies: Identity and Access Management, Mobile Device / Application Management, Data Loss Prevention, Endpoint Detection and Response
• Practical experience securing SaaS applications such as but not limited to: Google Workspace, Box, Slack, Workday, Jira and Confluence
• Experience securing cloud technologies such as Google Cloud, Amazon Web Services and Azure
• Strong written and verbal skills; ability to work effectively with diverse company partners
• Real-world experience in software development and/or engineering operations; B.S. in technology focused fields is helpful

Responsibilities

• Lead enterprise security control design and architecture across Mozilla SaaS applications and enterprise security tooling
• Conduct risk assessments and security reviews for SaaS and custom-developed applications and services
• Collaborate with security leadership on security strategy and prioritization of security projects
• Coordinate with Security Incident Response Team on incident retrospectives and follow up on security remediation
• Develop and implement cybersecurity strategies, policies, and frameworks aligned with organizational goals and regulatory requirements
• Conduct periodic corporate risk assessments and recommend measures to address identified vulnerabilities
• Act as a subject matter expert for internal teams, providing guidance on securing SaaS applications, infrastructure hardening, and data protection
• Review and approve security controls in project designs and deployments
• Ensure compliance with Mozilla security standards, such as NIST, GDPR, and other relevant regulations
• Support audits, certifications, and assessments
• Evaluate and recommend new security technologies, tools, and methodologies to strengthen the organization's cybersecurity posture
• Collaborate with IT and business units to assess and integrate security solutions
• Assist in development or acquisition of training sessions for employees to enhance cybersecurity awareness across the organization
• Provide mentorship to junior cybersecurity staff
• Provide detailed reports and dashboards on the organization's security status to senior leadership
• Communicate complex technical information to non-technical stakeholders effectively

Benefits

• Generous performance-based bonus plans to all eligible employees - we share in our success as one team
• Rich medical, dental, and vision coverage
• Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
• Quarterly all-company wellness days where everyone takes a pause together
• Country specific holidays plus a day off for your birthday
• One-time home office stipend
• Annual professional development budget
• Quarterly well-being stipend
• Considerable paid parental leave
• Employee referral bonus program
• Other benefits (life/AD&D, disability, EAP, etc. varies by country)