Senior Security Engineer, Infrastructure Security

To learn more about our Hiring Range System, please click this link.

Why Mozilla?

Mozilla Corporation is the non-profit-backed technology company that has shaped the internet for the better over the last 25 years. We make pioneering brands like Firefox, the privacy-minded web browser, and Pocket, a service for keeping up with the best content online. Now, with more than 225 million people around the world using our products each month, we’re shaping the next 25 years of technology and helping to reclaim an internet built for people, not companies. Our work focuses on diverse areas including AI, social media, security and more. And we’re doing this while never losing our focus on our core mission – to make the internet better for people. 

The Mozilla Corporation is wholly owned by the non-profit 501(c) Mozilla Foundation. This means we aren’t beholden to any shareholders — only to our mission. Along with thousands of volunteer contributors and collaborators all over the world, Mozillians design, build and distribute open-source software that enables people to enjoy the internet on their terms. 

About this team and role:

Mozilla’s Infrastructure Security team is growing! We are looking for security practitioners to reduce risk in our systems and applications, and ensure our products live up to Mozilla’s dedication to privacy and a joyful Internet. 

Working closely with partners across Site Reliability Engineering (SRE), IT, and along with other departments across Mozilla, the Security Engineer ensures that systems and services are secured through the implementation of technical and administrative security controls. 

Successful candidates will have meaningful experience in one or more areas like GCP/AWS/Azure cloud security techniques, data security methodologies, vulnerability management and have extensive experience with security in all varieties of infrastructure.

 As a Senior Security Engineer, you will be hardening and guiding recommendations for Mozilla’s systems and networks, infrastructure, application security services, and company assets, while ensuring the mission of privacy and security is upheld at all times. This is a hands-on role, and you will collaborate with other teams to guide proper security practices throughout the company.

What you’ll do: 

• Protect the services our products like Firefox, Pocket, etc depend on from security risks and attacks
• Design, implement, and maintain tooling, systems and processes for securing our cloud infrastructure
• Design, review and improve the security controls of the organization
• Write, maintain, and expand security automation and monitoring tools
• Work with developers and operations across the organization to keep infrastructure safe
• Work with cross functional teams, building relationships and fostering collaboration to reach shared goals
• Continually work to improve Mozilla’s security posture by partnering and supporting other parts of the cybersecurity organization as well as contributing to improving security practices and procedures
• Help to level-up the skills of your fellow engineers through security reviews, giving talks and presentations, and/or writing documentation
• Work with driven, committed team members to bring the open web to people around the world

What you’ll bring: 

• 3+ years of relevant hands-on experience in a cybersecurity domain designing, publishing and building security practices.
• 3+ years of experience translating technical and administrative security controls into actionable platform configurations.
• 3+ years of experience in any cybersecurity domain(s).
• A B.S. in Computer Science or relevant certifications would be lovely, but passion, curiosity, and real-world experience are preferred.
• Strong infrastructure security knowledge, from high level architectural concepts down to the implementation
• Experience securing large-scale deployments in major cloud stacks (AWS, GCP, or Azure), including automating controls and use of API functions.
• Security architecture background and experience, public cloud and on-premise.
• Proficiency in using Terraform and Github Actions to automate the deployment and security configuration of infrastructure 
• Experience with CNAPP / CSPM / CWPP solutions
• Experience with Web Application Firewalls
• Experience with Container Security (understanding how to secure containerized applications)
• Experience in vulnerability management 
• Experience working with DevOps or SRE teams to improve security within CI/CD pipelines
• Development skills primarily in Python and Go. You should feel comfortable operating the services for the code you write and documenting it for others.
• Log aggregation and analysis techniques, and you're familiar with the concepts of common SIEM technology such as Splunk.
• Experience in ensuring compliance with CIS benchmarks
• Soft skills (patience, communication skills, cross-functional teamwork, remote working)
• Writing documentation and proposals “skills”
• Experience work tracking in JIRA
• Interest in and ability to work with a distributed team (requires good asynchronous written communication skills as well as good verbal communication skills)
• Happy to provide and receive constructive feedback
• Will contribute by asking questions and proposing new ideas
• A love of working with others collaboratively
• Commitment to our values:
• Welcoming differences
• Being relationship-minded
• Practicing responsible participation
• Having grit

If your experience is close but doesn’t fulfill all requirements, please apply! Mozilla has a commitment to furthering our values by hiring individuals with diverse backgrounds, perspectives, and experiences.

What you’ll get:

• Generous performance-based bonus plans to all eligible employees - we share in our success as one team
• Rich medical, dental, and vision coverage
• Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
• Quarterly all-company wellness days where everyone takes a pause together
• Country specific holidays plus a day off for your birthday
• One-time home office stipend
• Annual professional development budget
• Quarterly well-being stipend
• Considerable paid parental leave
• Employee referral bonus program
• Other benefits (life/AD&D, disability, EAP, etc. - varies by country)

About Mozilla 

Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.

Commitment to diversity, equity, inclusion, and belonging

Mozilla understands that valuing diverse creative practices and forms of knowledge are crucial to and enrich the company’s core mission.  We encourage applications from everyone, including members of all equity-seeking communities, such as (but certainly not limited to) women, racialized and Indigenous persons, persons with disabilities, persons of all sexual orientations, gender identities, and expressions.

We will ensure that qualified individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment, as appropriate. Please contact us at hiringaccommodation@mozilla.com to request accommodation.