#205594
Staff Security Engineer
San Francisco, CA (remote)
Overview
Placement Type: Temporary
Salary: $66-70 Hourly
Start Date: 11.03.2025
Our software client is looking for a staff security engineer contractor to cover a maternity leave. The selected candidate will assist with the design and architecture of security controls and risk reduction activities across all Mozilla product, service and support departments.
To achieve this, you will need:
- Experience assessing security risks and presenting security topics to technical and nontechnical teams.
- Ability to analyze software and system design to identify security vulnerabilities using knowledge of state-of-the-art vulnerabilities and attack techniques.
- Technical expertise and experience with designing and building tooling to automate processes and scale your influence and impact.
- Outstanding interpersonal skills to partner with teams across the organization and support them in reducing their risk.
- Most importantly, you will assist the team responsible for ensuring the integrity of Mozilla’s enterprise and products and for keeping Mozilla’s users safe, within a company dedicated to building a more secure internet.
What You’ll Do
- Risk Assessment and Management: Conduct comprehensive risk assessments for systems, applications, and processes. Identify risks, recommend mitigations, and prioritize remediation efforts based on business impact and risk level.
- Compliance Advisory: Design, implement, and test internal controls in response to identified risks and partner with external or internal auditors.
- Policy: Translate enterprise security policies into actionable controls, and create enterprise security policies where needed. Ensure compliance with relevant regulations (e.g., GDPR, CCPA, PCI DSS) and industry standards (e.g., SOC2, ISO 27001).
- Control Readiness Reviews: Lead the execution of all phases within a system control readiness lifecycle. Supervise control readiness activities to ensure that all key controls are being performed.
- Metrics and Reporting: Develop and maintain key performance indicators (KPIs) and key risk indicators (KRIs). Provide regular reports to leadership.
What You’ll Bring
- 7+ years of experience in the IT industry with strong technical knowledge of cybersecurity and cloud security services and governance, risk, and compliance.
- Practical experience with the following technologies:
  - Identity and Access Management
  - Mobile Device / Application Management (MDM / MAM)
  - Data Loss Prevention
  - Endpoint Detection and Response
- Experience in risk management, IT Compliance, Information Security assessments, and Security project management.
- Experience in performing and/or participating in technical assessments in direct support of compliance efforts such as FedRAMP, HIPAA, PCI, GxP, SOC2, ISO27001, and ISO27002.
- Strong written and verbal skills; ability to work effectively with diverse company partners.
- Real-world experience in software development and/or engineering operations; a B.S. in a technology-focused field is helpful.
Competencies
- Ownership and Accountability
- Autonomy
- High Level of Integrity
- Clear Communication
- Creative Problem Solver
- Passionate about Security