Senior Security Engineer - Vulnerability Management

Why Mozilla?

Mozilla Corporation is the non-profit-backed technology company behind pioneering brands like Firefox, the privacy-minded web browser, and Pocket, the content discovery platform. More than 270 million people around the world use its products each month.Along with 20,000+ volunteer contributors and collaborators all over the world, Mozilla Corporation’s staff are driven by our vision to be the trusted guide through a joyful internet. We design, build and distribute software that enables people to enjoy the internet on their terms.

Risk Management at Mozilla

As part of Security Assurance, our team is a vital part of how security works at Mozilla. We help engineers, product managers, lawyers, and everyone else across Mozilla understand where their risks are, and how to mitigate them. We do this through risk assessments, security testing and red team exercises, setting standards and policy, and helping our developers build the most secure software they can, so we can protect our users.

What you’ll do: 

• Collaborate with others to design and craft automated systems for identifying, triaging, and remediating vulnerabilities across Mozilla.
• Coordinate with infrastructure and software engineering teams across Mozilla to assess how to best extend vulnerability management coverage into their areas.
• Keep abreast of new security vulnerabilities and proactively engage with the vulnerability management program to identify and arrange for the remediation of Mozilla systems.
• Help ensure that service level agreements for fixing found issues are followed.
• Be a member of Mozilla’s Web Bug Bounty award committee.
• Occasionally contribute to other team work areas such as security testing, risk assessment, and application security.

What you’ll bring:

• 4+ years of security experience.
• Experience with popular vulnerability scanning and management tools such as Nessus, OpenVAS, or Twistlock. If you have experience with other tools, that is also great.
• Comfortable collaborating across teams and functional areas.
• Good understanding of threat modeling and risk analysis.

Bonus points for…

• Software engineering experience

About Mozilla 

Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.

Commitment to diversity, equity, inclusion, and belonging

Mozilla understands that valuing diverse creative practices and forms of knowledge are crucial to and enrich the company’s core mission.  We encourage applications from everyone, including members of all equity-seeking communities, such as (but certainly not limited to) women, racialized and Indigenous persons, persons with disabilities, persons of all sexual orientations, gender identities, and expressions.

We will ensure that qualified individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment, as appropriate. Please contact us at hiringaccommodation@mozilla.com to request accommodation.

We are an equal opportunity employer. We do not discriminate on the basis of race (including hairstyle and texture), religion (including religious grooming and dress practices), gender, gender identity, gender expression, color, national origin, pregnancy, ancestry, domestic partner status, disability, sexual orientation, age, genetic predisposition, medical condition, marital status, citizenship status, military or veteran status, or any other basis covered by applicable laws.  Mozilla will not tolerate discrimination or harassment based on any of these characteristics or any other unlawful behavior, conduct, or purpose.

Group: D

#LI-REMOTE

Req ID: R2163