Who you are

• Experience assessing security risks, presenting security topics to technical and nontechnical teams
• Ability to analyze software and system design to identify security vulnerabilities using knowledge of state of the art vulnerabilities and attack techniques
• Technical expertise and experience with designing and building tooling to scale and automate processes your influence and impact
• Outstanding interpersonal skills to partner with teams across the organization and support them in reducing their risk
• 10+ years of demonstrated ability in a security consulting or architecture role
• Practical experience with the following technologies:
• Identity and Access Management
• Mobile Device / Application Management
• Data Loss Prevention
• Endpoint Detection and Response
• Practical experience securing SaaS applications such as but not limited to: Google Workspace, Box, Slack, Workday, Jira and Confluence)
• Experience securing cloud technologies such as Google Cloud, Amazon Web Services and Azure
• Strong written and verbal skills; ability to work effectively with diverse company partners
• Real-world experience in software development and/or engineering operations; B.S. in technology focused fields is helpful
• Ownership and Accountability
• Autonomy
• High Level of Integrity
• Clear Communication
• Creative Problem Solver
• Passionate about Security

What the job involves

• Mozilla is looking for a staff security engineer to assist with the design and architecture of security controls and risk reduction activities across all Mozilla product, service and support departments
• You will assist the team responsible for ensuring the integrity of Mozilla’s enterprise and products and for keeping Mozilla’s users safe, within a company dedicated to building a more secure internet
• Lead enterprise security control design and architecture across Mozilla SaaS applications and enterprise security tooling
• Conduct risk assessments and security reviews for SaaS and custom-developed applications and services
• Collaborate with security leadership on security strategy and prioritization of security projects
• Coordinate with Security Incident Response Team on incident retrospectives and follow up on security remediation
• Security Strategy and Governance
• Develop and implement cybersecurity strategies, policies, and frameworks aligned with organizational goals and regulatory requirements
• Conduct periodic corporate risk assessments and recommend measures to address identified vulnerabilities
• Internal Consulting
• Act as a subject matter expert for internal teams, providing guidance on securing SaaS applications, infrastructure hardening, and data protection
• Review and approve security controls in project designs and deployments
• Regulatory Compliance
• Ensure compliance with Mozilla security standards, such as NIST, GDPR, and other relevant regulations
• Support audits, certifications, and assessments
• Technology Assessment
• Evaluate and recommend new security technologies, tools, and methodologies to strengthen the organization's cybersecurity posture
• Collaborate with IT and business units to assess and integrate security solutions
• Training and Awareness
• Assist in development or acquisition of training sessions for employees to enhance cybersecurity awareness across the organization
• Provide mentorship to junior cybersecurity staff
• Reporting and Communication
• Provide detailed reports and dashboards on the organization's security status to senior leadership
• Communicate complex technical information to non-technical stakeholders effectively

Benefits

• Health, Dental, and Vision Insurance
• Life Insurance + Accidental Death & Dismemberment
• Short-Term Disability and Long-Term Disability Insurance
• Employee Assistance Program (EAP)
• Retirement Plan contributions
• 20 Paid Time Off days per year (prorated) + your birthday
• Company Holidays + Shutdown
• Wellness budget
• Reimbursement for professional development (up to $3,000/year)
• Industry-leading paid parental leave (up to 26 weeks of fully paid leave for childbearing parents and up to 12 weeks for non-childbearing parents)
• Flexible work environment (nearly half of Mozillians work remotely)
• A work setup including the latest hardware and software of your choice