Who you are

• This role requires expertise in secure coding practices, application security tools (SAST, DAST), and a strong understanding of modern architecture, cloud environments (AWS, Azure, GCP), and various programming languages
• 5+ years of relevant hands-on experience in product and application security
• 5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment
• Experience in one or more languages like Python, Go, Java, or JavaScript, required for automation and code review
• Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation
• Strong communication, collaboration, and problem-solving skills, with the ability to influence and guide cross-functional teams
• Formal credentials are great, but real-world experience, curiosity, passion and a builder’s mindset matter more

What the job involves

• At Mozilla, we believe the internet is a global public resource—open and accessible to all
• As a Staff Security Engineer, you'll protect that vision by building, breaking, and hardening products that put people’s privacy and safety first
• We are looking for a security practitioner to reduce risk in applications, and ensure our products live up to Mozilla’s dedication to privacy and a joyful Internet
• Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products
• Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC)
• Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation
• Perform security code reviews
• Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts
• Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early
• Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases
• Help define and enforce security policies and provide security guidance to development teams
• Help shape Mozilla's security culture through collaboration, guidance, and education
• You'll get to be deeply hands-on—testing, hardening, and building systems that protect millions of users every day

Benefits

• Health and wellness: Mozilla covers medical, dental and vision plan premiums at 100% for U.S. and Canadian employees. Our offerings give you the options you need to manage your health — and your family’s — the way you want.
• Mental health: Mental health is as important as our physical health. That’s why Mozilla’s health benefits include therapy and coaching sessions to make sure our people have access to the care they need.
• Time away: With all of life’s demands, time away from work to disconnect and recharge is essential. In addition to country-specific holidays (12 in the U.S. and Canada), vacation and sick time start accruing right away (specifics vary by country). Everyone also takes a pause together on quarterly all-company wellness days, plus you get to celebrate the most personal holiday of all: your birthday.
• Parental leave: While Mozilla’s parental leave policies vary globally, our U.S. and Canadian-based employees can look forward to 26 weeks of paid leave for childbearing parents and 12 weeks of paid leave for non-childbearing parents.
• Financial: Mozilla is a private company, so our compensation isn’t tied to stock options or equity plans. Instead, we offer generous, performance-based bonus plans to all regular employees to underscore that we share in our success as one team. As for retirement savings for US and Canadian employees, Mozilla contributes a percentage of your eligible base salary each year to the 401(k) Plan/RRSP (regardless of whether you contribute or not), with 100% vesting.
• Learning and development: We’re big believers in learning by doing, and we also want to invest in your education and development beyond your role. Every employee is eligible for an annual professional development budget. Mozillians can put it toward technical or management training, certifications, conferences and more.
• Help when you need it: Life is full of surprises; that’s why it’s important to be prepared. Mozilla provides Life/AD&D and Short and Long Term Disability insurance (offerings may vary by locale) to ensure that you and your family will have a safety net in place should you ever need it.
• Plus a bit more: A few other benefits include a quarterly wellbeing stipend (to use on those things just for you), an employee referral bonus, internet reimbursement if you’re remote, and a budget for office essentials to make working remotely ergonomically comfortable.