Staff Security Engineer
Mozilla
AWSAzureCloudCyber Security
Salary
💰 CA$128,000 - CA$170,000 per year
Job Level
Lead
Tech Stack
AWSAzureCloudCyber Security
About the role
- Lead enterprise security control design and architecture across Mozilla SaaS applications and enterprise security tooling
- Conduct risk assessments and security reviews for SaaS and custom-developed applications and services
- Collaborate with security leadership on security strategy and prioritization of security projects
- Coordinate with Security Incident Response Team on incident retrospectives and follow up on security remediation
- Develop and implement cybersecurity strategies, policies, and frameworks aligned with organizational goals and regulatory requirements
- Conduct periodic corporate risk assessments and recommend measures to address identified vulnerabilities
- Act as a subject matter expert for internal teams, providing guidance on securing SaaS applications, infrastructure hardening, and data protection
- Review and approve security controls in project designs and deployments
- Ensure compliance with Mozilla security standards, such as NIST, GDPR, and other relevant regulations
- Support audits, certifications, and assessments
- Evaluate and recommend new security technologies, tools, and methodologies to strengthen the organization's cybersecurity posture
- Collaborate with IT and business units to assess and integrate security solutions
- Assist in development or acquisition of training sessions for employees to enhance cybersecurity awareness across the organization
- Provide mentorship to junior cybersecurity staff
- Provide detailed reports and dashboards on the organization's security status to senior leadership
- Communicate complex technical information to non-technical stakeholders effectively
Requirements
- 10+ years of demonstrated ability in a security consulting or architecture role
- Experience assessing security risks, presenting security topics to technical and nontechnical teams
- Ability to analyze software and system design to identify security vulnerabilities using knowledge of state of the art vulnerabilities and attack techniques
- Technical expertise and experience with designing and building tooling to scale and automate processes
- Outstanding interpersonal skills to partner with teams across the organization and support them in reducing their risk
- Practical experience with Identity and Access Management
- Practical experience with Mobile Device / Application Management
- Practical experience with Data Loss Prevention
- Practical experience with Endpoint Detection and Response
- Practical experience securing SaaS applications such as Google Workspace, Box, Slack, Workday, Jira and Confluence
- Experience securing cloud technologies such as Google Cloud, Amazon Web Services and Azure
- Strong written and verbal skills; ability to work effectively with diverse company partners
- Real-world experience in software development and/or engineering operations; B.S. in technology focused fields is helpful
