Add-ons Security Engineer

Berlin Office, Germany Remote, Remote Canada, Remote US, France, UK

Applications have closed

Mozilla

Mozilla is the not-for-profit behind the lightning fast Firefox browser. We put people over profit to give everyone more power online.

The Company

Our unique corporate structure guarantees that every decision we make upholds our mission: to make sure the internet stays available, safe, and welcoming to everyone. Beholden to neither shareholders nor investors, Mozilla Corporation is wholly owned by the not-for-profit Mozilla Foundation.

Along with 20,000+ volunteer contributors and collaborators all over the world, Mozilla Corporation’s staff designs, builds, and distributes software that allows people to enjoy the internet on their own terms. Our flagship product — the Firefox browser — has expanded into a family of products that protects users and alerts them of risks.

The Role

Add-ons (or “browser extensions”) are software programs, most often developed by a third party, that allow you to add features to Firefox to customize your browsing experience. With billions of downloads and millions of users every day, add-ons are a significant part of the Firefox experience.

Mozilla is looking for a Security Engineer with a keen interest in code security, bug hunting and policy compliance to join the Firefox Add-ons team, to keep users safe from malicious extensions and support developers with add-on development.

You will engage in special projects to increase the efficiency of our review pipeline, monitor existing signals and create new rules to detect add-ons of interest, and take action against malicious activity on addons.mozilla.org.

As a Security Engineer, you will

  • Review add-ons submitted on addons.mozilla.org for security vulnerabilities as well as functionality and user experience flaws. Contribute to our users' safety by ensuring compliance with our submission guidelines and add-on policies.
  • Assist add-on developers in resolving (compliance) questions and interact closely with a team of add-on reviewers to resolve complex ecosystem and operational issues.
  • Collaborate with the add-ons engineering team to improve review tools and automatically detect malicious behaviors on the platform.

Your Professional Profile

  • Proficiency in understanding, finding and analyzing security flaws in the web platform (JS, HTML, CSS, DOM) and strong analytical skills to effectively identify malicious behaviors from complex, obfuscated or minified code. 
  • A passion for security and privacy in the web ecosystem paired with a profound understanding of the web security model.
  • A background in building or reviewing browser extensions or web applications is a plus.
  • Ability to work with command line and build tools commonly used in JavaScript environments.
  • Experience collaborating remotely and asynchronously with an international team.
  • Excellent written and verbal communication skills in English.

Things that might set you apart from other applicants:

  • Empathy for the experience of our community of users, developers, and volunteers, advocating for them based on community insights.
  • Experience with one or more of Python, Django and React.
  • Ability to create SQL queries to support metrics and analysis.

Does this sound like the right challenge for your next endeavor? We'd love to hear from you and make you a part of our team!

About Mozilla 

Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.

Commitment to diversity, equity, inclusion, and belonging

Mozilla understands that valuing diverse creative practices and forms of knowledge is crucial to and enriches the company's core mission. We encourage applications from everyone, including members of all equity-seeking communities, such as (but certainly not limited to) women, racialized and Indigenous persons, persons with disabilities, persons of all sexual orientations, gender identities, and expressions.

We will ensure that qualified individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment, as appropriate. Please contact us at hiringaccommodation@mozilla.com to request accommodation.

We are an equal opportunity employer. We do not discriminate on the basis of race (including hairstyle and texture), religion (including religious grooming and dress practices), gender, gender identity, gender expression, color, national origin, pregnancy, ancestry, domestic partner status, disability, sexual orientation, age, genetic predisposition, medical condition, marital status, citizenship status, military or veteran status, or any other basis covered by applicable laws.  Mozilla will not tolerate discrimination or harassment based on any of these characteristics or any other unlawful behavior, conduct, or purpose.

Group: D

Req ID: R1935
