security engineer python cloud penetration testing
Job description
At Mozilla, we believe the internet is a global public resource, open and accessible to all. As a Staff Security Engineer, you'll protect that vision by building, breaking, and hardening products that put people's privacy and safety first. We are looking for a security practitioner to reduce risk in applications and ensure our products live up to Mozilla's dedication to privacy and a joyful Internet. This position is remote-friendly and open to most locations in the US and Canada.
What you'll do:
- Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products.
- Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC).
- Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation.
- Perform security code reviews.
- Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts.
- Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early.
- Partner with engineers to integrate security throughout the software development lifecycle, not as an afterthought but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases.
- Help define and enforce security policies and provide security guidance to development teams.
- Help shape Mozilla's security culture through collaboration, guidance, and education.
This role requires expertise in secure coding practices, application security tools (SAST, DAST), and a strong understanding of modern architecture, cloud environments (AWS, Azure, GCP), and various programming languages.
You'll get to be deeply hands-on: testing, hardening, and building systems that protect millions of users every day.
Requirements
- 5+ years of relevant hands-on experience in product and application security.
- 5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment.
- Experience in one or more languages like Python, Go, Java, or JavaScript, required for automation and code review.
- Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation.
- Strong communication, collaboration, and problem-solving skills, with the ability to influence and guide cross-functional teams.
- Formal credentials are great, but real-world experience, curiosity, passion and a builder's mindset matter more.
Benefits & conditions
- Generous performance-based bonus plans to all eligible employees - we share in our success as one team
- Rich medical, dental, and vision coverage
- Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
- Quarterly all-company wellness days where everyone takes a pause together
- Country-specific holidays plus a day off for your birthday
- One-time home office stipend
- Annual professional development budget
- Quarterly well-being stipend
- Considerable paid parental leave
- Employee referral bonus program
- Other benefits (life/AD&D, disability, EAP, etc. - varies by country)
About Mozilla
Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.