Staff Security Engineer
Company: Mozilla
Location: San Diego
Posted on: January 1, 2026
|
|
|
Job Description:
Mozilla Corporation is the non-profit-backed technology company
that has shaped the internet for the better over the last 25 years.
We make pioneering brands like Firefox, the privacy-minded web
browser. Now, with more than 225 million people around the world
using our products each month, we’re shaping the next 25 years of
technology and helping to reclaim an internet built for people, not
companies. Our work focuses on diverse areas including AI, social
media, security and more. And we’re doing this while never losing
our focus on our core mission – to make the internet better for
people. The Mozilla Corporation is wholly owned by the non-profit
501(c) Mozilla Foundation. This means we aren’t beholden to any
shareholders — only to our mission. Along with thousands of
volunteer contributors and collaborators all over the world,
Mozillians design, build and distribute open-source software that
enables people to enjoy the internet on their terms. About this
Team and Role Mozilla is looking for a staff security engineer to
assist with the design and architecture of security controls and
risk reduction activities across all Mozilla product, service and
support departments. To achieve these you will need: • experience
assessing security risks, presenting security topics to technical
and nontechnical teams. • Ability to analyze software and system
design to identify security vulnerabilities using knowledge of
state of the art vulnerabilities and attack techniques. • technical
expertise and experience with designing and building tooling to
scale and automate processes your influence and impact. •
outstanding interpersonal skills to partner with teams across the
organization and support them in reducing their risk. Most
importantly, you will assist the team responsible for ensuring the
integrity of Mozilla’s enterprise and products and for keeping
Mozilla’s users safe, within a company dedicated to building a more
secure internet. What You’ll Do • Lead enterprise security control
design and architecture across Mozilla SaaS applications and
enterprise security tooling • Conduct risk assessments and security
reviews for SaaS and custom-developed applications and services •
Collaborate with security leadership on security strategy and
prioritization of security projects • Coordinate with Security
Incident Response Team on incident retrospectives and follow up on
security remediation • Security Strategy and Governance • Develop
and implement cybersecurity strategies, policies, and frameworks
aligned with organizational goals and regulatory requirements. •
Conduct periodic corporate risk assessments and recommend measures
to address identified vulnerabilities. • Internal Consulting • Act
as a subject matter expert for internal teams, providing guidance
on securing SaaS applications, infrastructure hardening, and data
protection. • Review and approve security controls in project
designs and deployments. • Regulatory Compliance • Ensure
compliance with Mozilla security standards, such as NIST, GDPR, and
other relevant regulations. • Support audits, certifications, and
assessments. • Technology Assessment • Evaluate and recommend new
security technologies, tools, and methodologies to strengthen the
organizations cybersecurity posture. • Collaborate with IT and
business units to assess and integrate security solutions. •
Training and Awareness • Assist in development or acquisition of
training sessions for employees to enhance cybersecurity awareness
across the organization. • Provide mentorship to junior
cybersecurity staff. • Reporting and Communication • Provide
detailed reports and dashboards on the organizations security
status to senior leadership. • Communicate complex technical
information to non-technical stakeholders effectively. What You’ll
Bring • 10 years of demonstrated ability in a security consulting
or architecture role • Practical experience with the following
technologies: • Identity and Access Management • Mobile Device /
Application Management • Data Loss Prevention • Endpoint Detection
and Response • Practical experience securing SaaS applications such
as but not limited to: Google Workspace, Box, Slack, Workday, Jira
and Confluence) • Experience securing cloud technologies such as
Google Cloud, Amazon Web Services and Azure. • Strong written and
verbal skills; ability to work effectively with diverse company
partners. • Real-world experience in software development and/or
engineering operations; B.S. in technology focused fields is
helpful. Competencies • Ownership and Accountability • Autonomy •
High Level of Integrity • Clear Communication • Creative Problem
Solver • Passionate about Security What you’ll get: • Generous
performance-based bonus plans to all eligible employees - we share
in our success as one team • Rich medical, dental, and vision
coverage • Generous retirement contributions with 100% immediate
vesting (regardless of whether you contribute) • Quarterly
all-company wellness days where everyone takes a pause together •
Country specific holidays plus a day off for your birthday •
One-time home office stipend • Annual professional development
budget • Quarterly well-being stipend • Considerable paid parental
leave • Employee referral bonus program • Other benefits
(life/AD&D, disability, EAP, etc. varies by country)
Keywords: Mozilla, Oceanside , Staff Security Engineer, IT / Software / Systems , San Diego, California
