Senior Security Engineer - Incident Response

Remote

Why Mozilla?

The Mozilla Corporation is wholly owned by the non‑profit 501(c) Mozilla Foundation. This means we aren’t beholden to any shareholders — only to our mission. Along with thousands of volunteer contributors and collaborators all over the world, Mozillians design, build and distribute open‑source software that enables people to enjoy the internet on their terms.

About this team and role:

Mozilla is looking for an Incident Responder to monitor and mitigate attacks across Mozilla’s products and services. In this position, you will be a part of a flexible team responsible for handling security incidents. As such, you’ll need to have years of practical security experience and knowledge of the state of the art for detecting and responding to attacks. You’ll be someone Mozillians across the company depend on and trust to respond quickly and effectively in a crunch, with the outstanding communication and collaboration skills needed to work in partnership with diverse stakeholders. Most importantly, you will become a critical member of the team responsible for ensuring the integrity of Mozilla’s products and for keeping Mozilla’s users safe, within a company dedicated to building a more secure internet.

What you’ll do:

• Identify and respond to security incidents on a global scale.
• Act as an incident commander to drive incidents through the entire response lifecycle.
• Design and maintain a portfolio of security alerts, automated actions, playbooks and escalation workflows in support of a high‑performing 24/7 incident response capability.
• Conduct threat hunting activities, anticipate future threats, and maintain forward‑thinking strategies for tools/technology/processes that combat sophisticated threat actors.
• Research threat intelligence reports, triage and manage resulting workflows.
• Partner with key stakeholders and communicate effectively to maintain a continuously improving feedback loop of preparation, identification, analysis, containment, and post mortem activities.
• Participate in on‑call rotation.

What you’ll bring:

• 5+ years of demonstrated ability managing security incidents at a global scale and/or experience working in Security Operations Centers (SOC), Product Security Incident Response Teams (PSIRT), and Computer Security Incident Response Teams (CSIRT).
• Expertise with security information and event management (SIEM) systems (eg. ELK, Google BigQuery, Splunk, etc.). Splunk proficiency is preferred.
• Expertise with endpoint detection and investigation. Hands‑on experience with leading EDR tools and demonstrated ability to leverage endpoint telemetry to find root cause.
• Expertise with security orchestration and automation (SOAR) platforms such as Tines or Splunk SOAR.
• Superb communication and leadership capacity; ability to partner effectively with diverse company stakeholders.
• Real‑world experience in software development and/or engineering operations for consumer products and services; B.S. in a technology‑focused field is helpful.
• Practical experience working with cloud technologies (eg. Google Cloud Platform, Amazon Web Services, Heroku, Microsoft Azure, etc.).
• Ownership and Accountability
• Autonomy
• High Level of Integrity
• Clear Communication
• Passionate about Security

What you’ll get:

• Generous performance‑based bonus plans to all eligible employees - we share in our success as one team
• Rich medical, dental, and vision coverage
• Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
• Quarterly all‑company wellness days where everyone takes a pause together
• Country specific holidays plus a day off for your birthday
• One‑time home office stipend
• Quarterly well‑being stipend
• Considerable paid parental leave
• Employee referral bonus program
• Other benefits (life/AD&D, disability, EAP, etc. - varies by country)

About Mozilla

Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.

Commitment to diversity, equity, inclusion, and belonging

Mozilla understands that valuing diverse creative practices and forms of knowledge are crucial to and enrich the company’s core mission. We encourage applications from everyone, including members of all equity‑seeking communities, such as (but certainly not limited to) women, racialized and Indigenous persons, persons with disabilities, persons of all sexual orientations, gender identities, and expressions.

We will ensure that qualified individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment, as appropriate. Please contact us at hiringaccommodation@mozilla.com to request accommodation.

We are an equal opportunity employer. We do not discriminate on the basis of race (including hairstyle and texture), religion (including religious grooming and dress practices), gender, gender identity, gender expression, color, national origin, pregnancy, ancestry, domestic partner status, disability, sexual orientation, age, genetic predisposition, medical condition, marital status, citizenship status, military or veteran status, or any other basis covered by applicable laws. Mozilla will not tolerate discrimination or harassment based on any of these characteristics or any other unlawful behavior, conduct, or purpose.