Senior Security Engineer – Offensive Security

• Full Time
• Posted : 4 years ago

TELECOMMUTE                                         LOCATION: Remote, US, Canada

A lot of companies say they’re driven by their mission . Our unique corporate structure guarantees that every decision we make upholds our mission: to make sure the internet stays available, safe, and welcoming to everyone. Beholden to neither shareholders nor investors, Mozilla Corporation is wholly owned by the not-for-profit Mozilla Foundation.

Mozilla is looking for a senior security engineer to lead security testing for Mozilla’s products and enterprise. In this position, you will curate Mozilla’s roadmap for the security testing of our most critical assets. As such, you’ll need years of practical experience delivering security assessments, knowledge of state of the art vulnerabilities and attack techniques, and a depth of technical expertise with designing and building tooling to scale your influence and impact. You’ll also need to have outstanding interpersonal skills to partner with teams across the organization and support them in reducing their risk. Most importantly, you will become a critical member of the team responsible for ensuring the integrity of Mozilla’s enterprise and products and for keeping Mozilla’s users safe, within a company dedicated to building a more secure internet.

Mozilla’s North American office locations include San Francisco, CA, Portland, OR, and Toronto, Canada. We are also open to you working from your home office anywhere in the US or Canada for this position.

About Mozilla

Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.

• Serve as the primary responsible individual at Mozilla for the successful execution of offensive security exercises (eg. pentest and red team) to advance the security posture of products and the enterprise.
• Develop and maintain toolsets, processes, and procedures that serve to detect security vulnerabilities, evaluate risk, and communicate test results to target audiences.
• Partner with product and infrastructure owners throughout the organization to functionally support continuous security improvement efforts, risk assessment, and purple team activities.
• Participate as an advisory board member and domain specialist to Mozilla’s bug bounty program.

Technology-focused Qualifications and Skills

• 3+ years of demonstrated ability in an offensive security role and/or equivalent experience working in application security, network security, vulnerability research, security scanner development, consulting.
• Expertise with security assessment and exploitation tools (eg. ZAP, Burp, Metasploit)
• Ability to develop your own tools as needed in a variety of programming languages (eg. Python, Go, Rust, Javascript, etc.)
• Practical experience working with cloud technologies (eg. Amazon Web Services, Google Cloud Platform, Heroku, Microsoft Azure, etc.)
• Superb communication and leadership capacity; ability to work effectively with diverse company partners.
• Real-world experience in software development and/or engineering operations; B.S. in technology focused fields is helpful.

Competencies

• Ownership and Accountability
• Autonomy
• High Level of Integrity
• Clear Communication
• Creative Problem Solver
• Passionate about Security

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race (including hairstyle and texture), religion (including religious grooming and dress practices), gender, gender identity, gender expression, color, national origin, pregnancy, ancestry, domestic partner status, disability, sexual orientation, age, genetic predisposition, medical condition, marital status, citizenship status, military or veteran status, or any other basis covered by applicable laws.

Skills

• JavaScript
• Python
• Software Development
• Cloud
• Rust
• Creative thinking
• communication skills
• Go
• Problem Solving
• Leadership Skills
• IT Operations
• Application Security