Staff Security Engineer

About The Position

Requirements

• 10+ years of demonstrated ability in a security consulting or architecture role
• Practical experience with Identity and Access Management, Mobile Device/Application Management, Data Loss Prevention, Endpoint Detection and Response
• Practical experience securing SaaS applications such as Google Workspace, Box, Slack, Workday, Jira and Confluence
• Experience securing cloud technologies such as Google Cloud, Amazon Web Services and Azure
• Strong written and verbal skills; ability to work effectively with diverse company partners
• Real-world experience in software development and/or engineering operations; B.S. in technology focused fields is helpful

Nice To Haves

• Ownership and Accountability
• Autonomy
• High Level of Integrity
• Clear Communication
• Creative Problem Solver
• Passionate about Security

Responsibilities

• Lead enterprise security control design and architecture across Mozilla SaaS applications and enterprise security tooling
• Conduct risk assessments and security reviews for SaaS and custom-developed applications and services
• Collaborate with security leadership on security strategy and prioritization of security projects
• Coordinate with Security Incident Response Team on incident retrospectives and follow up on security remediation
• Develop and implement cybersecurity strategies, policies, and frameworks aligned with organizational goals and regulatory requirements
• Conduct periodic corporate risk assessments and recommend measures to address identified vulnerabilities
• Act as a subject matter expert for internal teams, providing guidance on securing SaaS applications, infrastructure hardening, and data protection
• Review and approve security controls in project designs and deployments
• Ensure compliance with Mozilla security standards, such as NIST, GDPR, and other relevant regulations
• Support audits, certifications, and assessments
• Evaluate and recommend new security technologies, tools, and methodologies to strengthen the organization's cybersecurity posture
• Collaborate with IT and business units to assess and integrate security solutions
• Assist in development or acquisition of training sessions for employees to enhance cybersecurity awareness across the organization
• Provide mentorship to junior cybersecurity staff
• Provide detailed reports and dashboards on the organization's security status to senior leadership
• Communicate complex technical information to non-technical stakeholders effectively

Benefits

• Generous performance-based bonus plans to all eligible employees
• Rich medical, dental, and vision coverage
• Generous retirement contributions with 100% immediate vesting
• Quarterly all-company wellness days
• Country specific holidays plus a day off for your birthday
• One-time home office stipend
• Annual professional development budget
• Quarterly well-being stipend
• Considerable paid parental leave
• Employee referral bonus program
• Other benefits (life/AD&D, disability, EAP, etc. varies by country)