Security Engineer Full-time

Security Engineer

Locations: Berlin, Remote Europe, Remote Germany

Mozilla is looking for a Security Researcher to join the hunt for security bugs in our desktop and mobile browsers. As part of the Firefox Security Testing team, you will audit new features for security flaws, guide engineering efforts through security research and develop tooling and automation to eradicate classes of security bugs in the Firefox codebase. If you’re passionate about security research and you want to be part of an elite team fighting to protect users and a free and open web, we want to hear from you!
As a Security Researcher at Mozilla, you will…

Hunt for vulnerabilities in Firefox desktop and mobile browsers
Perform security testing/code review of new features to identify security flaws
Analyse security flaws to identify root cause/systemic issues and potential mitigations
Develop tools (e.g static analysis, instrumentation, testing frameworks) to scale assurance and eradicate security bug classes
Perform security research to guide development practices for engineering teams and inform the development of future security
Work closely with our Fuzzing team to improve our fuzzing techniques, gain coverage of new features and investigate potential security issues

Requirements

Experience in security auditing, code review and security testing
Proficient in finding and analysing security flaws in native code - i.e. through code auditing, debugging, code instrumentation etc
Sufficient C++ experience to audit for security flaws, and understand approaches to mitigate common issues
Programming experience in C++, JavaScript, Python and/or Rust
Deep understanding of browser & web security models

Things that would help you stand out:

Track record of finding security bugs in dynamic architectural targets (web, cryptography, mobile, network) and/or participating in CTFs
Familiarity with browser internals such as JS Engines, CSS, Graphics, Extensions, network protocols etc
Low-level systems programming experience (especially C++, but also C and/or Rust a bonus)
Strong OS security knowledge (Windows, OSX and Linux), especially familiarity with sandboxing and other vulnerability mitigation techniques
Disassembly/reversing skills
Static Analysis experience

About Mozilla

Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.

We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Level: P3

#LI-RH1