Staff Security Engineer, Product Security

United States; Canada, Remote · Job Posted January 02, 2026

Job Description

At Mozilla, we believe the internet is a global public resource—open and accessible to all. As a Staff Security Engineer, you'll protect that vision by building, breaking, and hardening products that put people’s privacy and safety first. We are looking for a security practitioner to reduce risk in applications, and ensure our products live up to Mozilla’s dedication to privacy and a joyful Internet. This position is remote-friendly and open to most locations in the US and Canada.

Job Responsibility

  • Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products
  • Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC)
  • Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation
  • Perform security code reviews
  • Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts
  • Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early
  • Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases
  • Help define and enforce security policies and provide security guidance to development teams
  • Help shape Mozilla's security culture through collaboration, guidance, and education

Requirements

  • 5+ years of relevant hands-on experience in product and application security
  • 5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment
  • Experience in one or more languages like Python, Go, Java, or JavaScript, required for automation and code review
  • Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation
  • Strong communication, collaboration, and problem-solving skills, with the ability to influence and guide cross-functional teams

Nice to have

Formal credentials are great, but real-world experience, curiosity, passion and a builder’s mindset matter more

What we offer

  • Generous performance-based bonus plans to all eligible employees - we share in our success as one team
  • Rich medical, dental, and vision coverage
  • Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
  • Quarterly all-company wellness days where everyone takes a pause together
  • Country specific holidays plus a day off for your birthday
  • One-time home office stipend
  • Annual professional development budget
  • Quarterly well-being stipend
  • Considerable paid parental leave
  • Employee referral bonus program
  • Other benefits (life/AD&D, disability, EAP, etc. - varies by country)
  • Flexible work environment (majority of Mozillians work remotely)
  • Industry-leading paid parental leave (up to 26 weeks of fully paid leave for childbearing parents and up to 12 weeks for non-childbearing parents)
  • Reimbursement for professional development (up to $3,000/year)
  • A work setup including the latest hardware and software of your choice

Similar Jobs for Staff Security Engineer, Product Security

8 matching positions

Staff Product Security Engineer

We’re seeking a Staff Product Security Engineer with deep AI/ML security experti...
Company: Crusoe
Location: United States, San Francisco
Salary: 250000.00 - 285000.00 USD / Year
Expiration Date: Until further notice

Requirements
  • 8-10 years of deep hands-on experience in offensive security, including manual penetration testing, red team operations, and adversary simulation
  • Familiarity with modern C2 frameworks (e.g., Cobalt Strike, Sliver, Havoc), exploit development, and security research
  • Strong expertise across the AI/ML stack, including MLOps, inference architectures, vector databases, RAG, and agentic frameworks (e.g., ReAct, Reflexion)
  • Experience building, deploying, and securing LLM pipelines and AI workflows in Kubernetes and/or bare-metal environments
  • Strong software engineering foundations with experience shipping production code in Go, Python, or Rust
  • Hands-on experience securing Kubernetes, containers, VMs, and CI/CD environments
  • Deep understanding of application security vulnerabilities, secure coding practices, and distributed system design
  • Demonstrated ability to lead complex, cross-functional security initiatives end-to-end
  • Strong communication skills with the ability to influence both engineering teams and executive stakeholders
Job Responsibility
  • Performing advanced manual penetration testing across complex applications, infrastructure, Kubernetes environments, and distributed microservice ecosystems
  • Leading offensive security initiatives including red team operations, adversary simulation, and security research
  • Securing AI/ML systems end-to-end, including LLM pipelines, vector databases, RAG architectures, and agentic workflows
  • Identifying and researching novel attack surfaces unique to LLMs and autonomous systems, contributing to internal and external AI security research
  • Influencing secure system design across the SDLC, embedding security into CI/CD pipelines, container images, and deployment workflows
  • Integrating and operationalizing security tooling (SAST, DAST, SCA, container scanning) and driving remediation of complex application-layer vulnerabilities
  • Building internal security guardrails such as hardened base images, reusable libraries, and policy-as-code frameworks
  • Developing production-grade security tooling and leading cross-functional security programs from design through deployment
What we offer
  • Bonus
  • Restricted Stock Units are included in all offers
  • Fulltime

Staff Product Security Engineer

At Bumble, we’re building secure, AI-powered systems that make trust and safety ...
Company: Bumble Inc.
Location: United States, Austin
Salary: 255000.00 - 285000.00 USD / Year
Expiration Date: Until further notice

Requirements
  • 10+ years of experience in Application or Product Security
  • Proven expertise in secure software development, threat modeling, and SDLC integration
  • Hands-on experience building or integrating developer-facing security tools
  • Strong understanding of cloud and container security (AWS, GCP, Kubernetes)
  • Demonstrated ability to influence engineering practices and drive security adoption
  • Excellent communication skills and cross-functional leadership
Job Responsibility
  • Research, design, and deliver scalable security tools, frameworks, and automation that streamline secure development
  • Build developer-centric security experiences and self-service capabilities within engineering workflows
  • Leverage AI and Model Context Protocol (MCP) to create intelligent, context-aware security guidance and automation
  • Collaborate with Product and Engineering to embed security into design reviews, sprints, and roadmaps
  • Provide expertise across cloud-native, containerized, and service-oriented architectures (AWS, GCP, Kubernetes)
  • Partner with leaders across Engineering and Product to align security with developer velocity and experience
What we offer
  • Maven Fertility - $10,000 lifetime benefit opportunity for reproductive journey support
  • Family & compassionate paid leave
  • 26 weeks parental leave for primary caregiver
  • 26 weeks paid leave for secondary caregiver after 1 year of employment
  • Unlimited paid time off
  • Company-wide week off
  • Focus Fridays - no meetings, deadlines, emails, or Slack on Fridays
  • Fulltime

Staff Product Security Engineer - Customer Platform

We are seeking a seasoned and highly skilled Staff Product Security Engineer - C...
Company: Valon Tech
Location: United States
Salary: 190000.00 - 260000.00 USD / Year
Expiration Date: Until further notice

Requirements
  • 8+ years in progressive senior security engineering or architect level roles
  • 3+ years leading security design for enterprise-grade cloud and SaaS platforms
  • Bachelor's degree in Information Security, Computer Science, Technology or related field
  • Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP or similar)
  • Proven ability to design security reference architectures and implement customer platform security controls and technologies (IAM, API security, encryption/key management, logging/monitoring and others)
  • Hands-on experience with modern security technologies and tooling across cloud and application security
Job Responsibility
  • Define and evolve product security architecture and strategy for Valon’s multi-tenant SaaS platform
  • Architect and guide secure implementation of customer-facing security capabilities in conjunction with Engineering (e.g., authentication / authorization models, identity integration, access controls, audit and logging, encryption / key management)
  • Build and maintain security reference architectures and standardized secure design patterns for product teams
  • Lead threat modeling, security design and code reviews for new features, services, and major architectural changes
  • Collaborate with Product, Engineering, Data, Compliance, Legal, and other teams to identify and drive mitigation for product and data security risks
  • Support vulnerability triage, remediation strategy, and root cause analysis for product security issues
  • Support security compliance and regulatory needs (e.g., SOC 2, CCPA, NYDFS, FTC), including customer-facing security discussions and due diligence
  • Develop, implement, and enforce security policies, standards, and procedures
  • Support operational activities including security advisory and consultative reviews, incident response, issue remediation, and other security processes
What we offer
  • Competitive salary with a meaningful stake in the company via equity
  • 401k plan
  • Comprehensive medical, dental, & vision benefits
  • Pre-tax deductions for public transportation, rideshare services, and parking expenses
  • Company wide orientation
  • Learning & development opportunities including regular review cycles that feature 360 degree feedback
  • Quarterly budgets for team and company outings
  • Flexible paid time off
  • Sick days
  • 11 company holidays
  • Fulltime

Staff Product Security Engineer

As a Staff Product Security Engineer, you will play a crucial role in safeguardi...
Company: Dashlane
Location: France, Paris
Salary: Not provided
Expiration Date: Until further notice

Requirements
  • Strong understanding of application security best practices, including experience with threat modeling and risk assessments
  • Demonstrated experience building or improving an SDLC program
  • Familiarity with CI/CD pipelines and their security implications
  • Familiarity with cloud infrastructure (e.g., AWS, Azure, Kubernetes), and Infrastructure-as-Code (e.g., Terraform)
  • Interest in enabling secure use of AI tools to drive efficiency, creativity, and impact internally
  • Communication & Collaboration: You engage and listen empathetically to others, adjusting your communication style to fit the audience and message. You are experienced in communicating with technical and non-technical audiences
  • Mentoring: You enjoy using your knowledge and experience to support and uplevel those around you
  • Motivated Learner: You learn new technologies and processes quickly, and understand where to look for knowledge when you need it
  • Adaptability: You are a jack or jane of all trades - you’re comfortable digging into non-technical parts of the business to provide security support and guidance
Job Responsibility
  • Drive the continuous improvement of Dashlane’s security program across the product and company
  • Conduct architecture design reviews, threat modeling, and technical security assessments of Dashlane’s product (application and infrastructure) to identify security risks and provide mitigation guidance
  • Ensure security best practices are integrated throughout the software development lifecycle (SDLC)
  • Build upon and scale Vulnerability Management to ensure the team can track, analyze, and manage vulnerabilities and their remediation
  • Perform risk assessments of Dashlane’s internal systems, environments, assets, and data, and implement security best practices accordingly
  • Evaluate and implement security tooling and/or build customized tooling in-house where necessary
  • Participate in Compliance and Incident Response
  • Innovate and propose new forward-looking security features that protect Dashlane and our users
What we offer
  • Equal Parental leave - regardless of gender, up to 20 weeks fully paid leave to take care of their new baby, within the first year of birth or adoption
  • Health insurance covered by Dashlane
  • Mentorship program - select your mentor from our internal pool and continue your learning path!
  • Commute allowance
  • Meal Vouchers (Swile)
  • Mental health services through Spring Health for you and family members
  • 4 extra days off (one per quarter) to acknowledge the importance of your wellbeing
  • Spot in daycare
  • Time off saving account
  • Donation matching program - give back to the community and support actions that lead to positive social impact under the historically marginalized communities. Every donation will be matched by Dashlane
  • Fulltime

Staff Product Security Engineer

We’re looking for a Staff Product Security Engineer to lead the design and imple...
Company: AlphaSense
Location: United States
Salary: 184000.00 - 252000.00 USD / Year
Expiration Date: Until further notice

Requirements
  • 7+ years of experience in product, application, or cloud security engineering
  • Deep understanding of secure SDLC, threat modeling, and secure architecture design
  • Proven expertise with AWS cloud security concepts and best practices
  • Strong experience with container security, orchestration, and runtime protection
  • Proficiency in Python, Java, and/or JavaScript for security automation, code review, and tooling
  • Experience securing AI/ML pipelines, data workflows, or model-serving infrastructure
  • Familiarity with DevSecOps and continuous integration/deployment environments
Job Responsibility
  • Embed robust security practices throughout the software and AI development lifecycle (SDLC)
  • Lead secure design reviews, threat modeling, and risk assessments for AI-driven products, APIs, and backend services
  • Partner with engineering and product teams to ensure security, privacy, and compliance by design
  • Build and maintain security automation and governance frameworks that integrate seamlessly into development workflows
  • Architect and enforce security controls for AI/ML systems, including model training, data pipelines, and inference environments
  • Identify and mitigate AI-specific attack vectors such as data poisoning, model inversion, prompt injection, and model theft
  • Collaborate with governance and compliance teams to align with ethical AI principles and frameworks like NIST AI RMF and the EU AI Act
  • Implement model provenance, integrity, and auditability controls to ensure responsible and secure AI operations
  • Partner with DevOps and SRE teams to secure service meshes, container networking, and secrets management
  • Drive software supply chain security, including artifact integrity, dependency management, and vulnerability reduction
What we offer
  • Competitive compensation, benefits, and career growth opportunities
  • Opportunity to shape and drive product security strategy
  • Collaborative and security-minded engineering culture
  • Work on cutting-edge security challenges in a fast-growing company
  • Performance-based bonus, equity, and a generous benefits program
  • Fulltime

Staff+ Product Security Engineer

Verkada is transforming how organizations protect their people and places with a...
Company: Verkada
Location: United States, San Mateo
Salary: 200000.00 - 300000.00 USD / Year
Expiration Date: Until further notice

Requirements
  • Bachelor of Science in Computer Science degree or equivalent
  • Strong experience with AWS, GCP or other cloud service provider
  • 7 - 10+ years of experience as a security engineer, software engineer, site reliability engineer, or security consultant
  • Understanding of security weaknesses, exploits, attacks and mitigations
  • Experience and enthusiasm for learning about new security products, features, and strategies
  • Coding ability
  • Excellent collaborative skills
  • Outstanding written and verbal communication
  • Experience with most of the following: Security Development Lifecycle, Threat Modeling, Architecture Analysis, Technical Design Review, Security Code Review, Open Policy Agent, SIEM
Job Responsibility
  • Facilitate the security baked into our applications throughout the software development lifecycle
  • Evangelize software security best practices through training and information sharing
  • Partner closely with engineering and product teams to improve the security of Verkada’s products and exceed customers’ expectations
  • Explore innovative solutions to enable Verkada business instead of “Security says No”
  • Collaborate with other engineering leaders to define, communicate, and execute on goals, priorities and process
  • Set up security tooling and secure defaults to ensure software security best practices
  • Perform architecture analysis, threat modeling and technical design reviews of sensitive features and infrastructure
  • Create and operate a bug bounty program
  • Triage and recommend solutions for security bugs from tools, third party assessments and bug bounties
  • Collaborate with the CISO and security team to grow the broader Verkada security program
What we offer
  • Healthcare programs that can be tailored to meet the personal health and financial well-being needs - Premiums are 100% covered for the employee under at least one plan and 80% for family premiums under all plans
  • Nationwide medical, vision and dental coverage
  • Health Saving Account (HSA) with annual employer contributions and Flexible Spending Account (FSA) with tax saving options
  • Expanded mental health support
  • Paid parental leave policy & fertility benefits
  • Time off to relax and recharge through our paid holidays, firmwide extended holidays, flexible PTO and personal sick time
  • Professional development stipend
  • Fertility Stipend
  • Wellness/fitness benefits
  • Healthy lunches provided daily
  • Fulltime