Senior Security Engineer, Add-ons Operations - Mozilla Corporation

Key Responsibilities

• Design and implement security controls for the add‑ons platform, ensuring protection of user data and code integrity.
• Conduct threat modeling and risk assessments for new features and third‑party integrations.
• Develop and maintain automated security testing and CI/CD pipelines, integrating static analysis, dependency scanning, and runtime protections.
• Lead incident response activities, including detection, containment, root‑cause analysis, and post‑mortem reporting.
• Collaborate with engineering, product, and privacy teams to embed security throughout the development lifecycle.
• Mentor junior security staff and promote security best practices across the organization.

Requirements

• 5+ years of hands‑on security engineering experience, preferably in a SaaS or browser‑extension environment.
• Strong proficiency in Python for automation, scripting, and tooling development.
• Deep knowledge of cloud security concepts, especially AWS services and IAM policies.
• Proven experience with CI/CD tools (e.g., Jenkins, GitHub Actions) and integrating security scans into pipelines.
• Demonstrated ability to perform threat modeling, vulnerability assessments, and lead incident response efforts.