Mozilla’s Infrastructure Security team is growing! We are looking for security practitioners to reduce risk in our systems and applications, and ensure our products live up to Mozilla’s dedication to privacy and a joyful Internet. This position is remote-friendly and open to most locations in the US and Canada.

Why Mozilla?

Mozilla Corporation is the non-profit-backed technology company behind pioneering brands like Firefox, the privacy-minded web browser, and Pocket, the content discovery platform. More than 270 million people around the world use its products each month.

Along with 20,000+ volunteer contributors and collaborators all over the world, Mozilla Corporation’s staff are driven by our vision to be the trusted guide through a joyful internet. We design, build and distribute software that enables people to enjoy the internet on their terms.

About this team and role:

Working closely with partners across IT, Site Reliability Engineering (SRE), along with other departments across Mozilla, the Security Engineer ensures that systems and services are secured through the implementation of technical and administrative security controls.

What you'll do:

• Protect the services our products like Firefox, Mozilla VPN, Pocket, etc depend on from attacks and abuses
• Design, build and deploy security frameworks such as cloud security, intrusion detection, vulnerability and patch management, application security services, system hardening, etc.
• Design, review and improve the security controls of the organization
• Write, maintain, and expand security automation and monitoring tools
• Work with developers and operations across the organization to keep infrastructure safe
• Translate technical and administrative security controls into platform security standards.
• Define, refine, publish and evangelize the resulting cost effective security standards, ensuring accurate translation into platform configurations.
• Continually work to improve Mozilla’s security posture by partnering and supporting other parts of the cybersecurity organization.

Successful candidates will have meaningful experience in one or more areas like GCP/AWS/Azure cloud security techniques, data security methodologies, vulnerability management and have extensive experience with security in all varieties of infrastructure.

You will be hardening and guiding recommendations for Mozilla’s systems and networks, infrastructure, application security services, and company assets, while ensuring the mission of privacy and security is upheld at all times. This is a hands-on role, and you will collaborate with other teams to guide proper security practices throughout the company.

What you'll bring:

• 3+ years of relevant hands-on experience in a cybersecurity domain designing, publishing and building security practices.
• 3+ years of experience translating technical and administrative security controls into actionable platform configurations.
• 3+ years of experience managing cybersecurity lifecycle management.
• 3+ years of experience in any cybersecurity domain(s).
• Strong infrastructure security knowledge, from high level architectural concepts down to the implementation.
• Security architecture background and experience, public cloud and on-premise.
• Cloud Architecture background
• Experience with Terraform
• Experience securing large-scale deployments in major cloud stacks (AWS, GCP, or Azure), including automating controls and use of API functions.
• A significant role in the operation of vulnerability management 
• Development skills primarily in Python and Go. You should feel comfortable operating the services for the code you write and documenting it for others.
• Log aggregation and analysis techniques, and you're familiar with the concepts of common SIEM technology such as Splunk.
• A B.S. in Computer Science or relevant certifications would be lovely, but passion, curiosity, and real-world experience are preferred.
• Experience in ensuring compliance with CIS benchmarks

About Mozilla 

Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.

Commitment to diversity, equity, inclusion, and belonging

Mozilla understands that valuing diverse creative practices and forms of knowledge are crucial to and enrich the company’s core mission.  We encourage applications from everyone, including members of all equity-seeking communities, such as (but certainly not limited to) women, racialized and Indigenous persons, persons with disabilities, persons of all sexual orientations,gender identities, and expressions.

We will ensure that qualified individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment, as appropriate. Please contact us at hiringaccommodation@mozilla.com to request accommodation.

We are an equal opportunity employer. We do not discriminate on the basis of race (including hairstyle and texture), religion (including religious grooming and dress practices), gender, gender identity, gender expression, color, national origin, pregnancy, ancestry, domestic partner status, disability, sexual orientation, age, genetic predisposition, medical condition, marital status, citizenship status, military or veteran status, or any other basis covered by applicable laws.  Mozilla will not tolerate discrimination or harassment based on any of these characteristics or any other unlawful behavior, conduct, or purpose.

Group: D

#LI-REMOTE

Req ID: R2307

About The Role:

Pagoda is shepherding a future where NEAR becomes the blockchain operating system. We believe that re-inventing how software is made and distributed is our greatest opportunity to open economic access to those who are not fully integrated into the global economy. Our products empower people to find opportunity, invent new experiences, and collaborate. Let's build an Open Web world. A world where people control their assets, data, and power of governance.

Pagoda’s growing security team is looking for a Security Engineer to partner with our Protocol team. This position will be primarily responsible for identifying, analyzing, solutioning, and accounting for security as it pertains to the NEAR Blockchain; embedded within Pagoda’s Protocol team.

As a Security Engineer you will work closely with the Protocol team to make sure that NEAR Protocol is secure, robust, and performant. You will focus on strengthening the security of the protocol through a combination of architectural improvements, automated testing, and manual auditing of the codebase. You will also work closely with protocol engineers to ensure the security of new features and other changes to the existing protocol.

What You'll Be Doing:

• Identify ways to systematically improve the security of the protocol without compromising its performance and scalability
• Set up testing infrastructure to ensure the security of the protocol
• Security audit of the protocol implementation, including consensus, sharding, state transition, etc.
• Handle security vulnerability reports that are related to the protocol
• Analyze risk and maintain a registry and remediation/improvement roadmap as it pertains to the protocol

What We're Looking For:

• Development or software engineering experience and a deep passion for informations security
• Strong security engineering background and programming experience
• Experience with a modern system programming language (eg C++, Rust)
• Demonstrated experience evaluating code for vulnerabilities and weaknesses
• Familiarity with low-level programming, operating systems, and virtual machines. Experience with WebAssembly is a plus
• Practical experience of security analysis tools such as: fuzzing, SAST scanners, linters etc.
• Experience in securing large scale distributed systems
• Strong communication skills and ability to work with remote teams
• Results & goal orientated

We'd Love If You Have:

• A passion for security and Web3
• Experience in a start-up environment
• Experience with software verification technologies, including model checking and formal verification

Here’s What Our Interview Process Looks Like:

Our interviews take place via Zoom and typically consists of the following stages:

• Recruiter Call
• Hiring Manager Call
• 1st Round
  • Protocol Security Interview
• Final Round
  • Large System Design Interview
  • Navigating Ambiguity Interview
  • Concurrency & Parallelism Interview

Available Locations: Hybrid from a US Cloudflare office or Remote US

About the Department
The Identity and Access Management (IAM) team is dedicated to ensuring the secure and efficient management of user identities, access privileges, and authentication mechanisms across all company systems, applications, and data. Our mission is to safeguard the organization against unauthorized access, protect sensitive information, and enable seamless user experiences while adhering to industry best practices and compliance standards.

About the Role

As an Identity and Access Management (IAM) Security Engineer, you will play a crucial role in designing, implementing, and managing identity and access management solutions. You will be responsible for safeguarding our systems, applications, and data by ensuring secure user access, authentication, and authorization mechanisms.

A Security engineers work may include reviewing reports from various sources (automated scanners, employee reports, logs, etc.), managing and configuring automated tooling (Terraform, Open Policy Agent, Workers, etc.), building controls to enforce policy (two factor authentication requirements, role based access, etc), creating tools, reports or platforms to support the team's goals. 

Desirable skills, knowledge and experience

Security engineers take part in a wide variety of tasks and projects in the team. One individual is not expected to know everything, but a working knowledge in several of the following areas is required: 

• Strong understanding of identity federation (SAML, OAuth, OpenID Connect, etc.)
• Experience with Identity and Access Management policy application and enforcement
• Experience designing, implementing, and managing IAM solutions
• Experience working with Open Policy Agent
• Experience working in DevOps / DevSecOps 
• Experience working with configuration management tools like Terraform, Ansible, etc.
• Experience working with Information Technology platforms and systems
• Experience with SaaS security (Google Workspace, Salesforce, Workday, Atlassian, etc.)
• Experience in configuration, troubleshooting and maintenance of network security infrastructure (Web content filtering, Firewall, IDS and DLP controls)
• Experience with API gateways and API security
• Experience with Zero Trust security
• Experience in secure configuration of cloud-based storage and data management systems
• Experience with secure configuration of containerized application platforms (e.g. Kubernetes)
• Advanced programming experience (Python, TypeScript, Bash, etc.)

Compensation

Compensation may be adjusted depending on work location.

• For Colorado-based hires: Estimated annual salary of $168,000- $206,000
• For New York City, Washington, and California (excluding Bay Area) based hires: Estimated annual salary of $187,000- $229,000
• For Bay Area-based hires: Estimated annual salary of $196,000 - $240,000

Equity

This role is eligible to participate in Cloudflare’s equity plan.

Benefits

Cloudflare offers a complete package of benefits and programs to support you and your family.  Our benefits programs can help you pay health care expenses, support caregiving, build capital for the future and make life a little easier and fun!  The below is a description of our benefits for employees in the United States, and benefits may vary for employees based outside the U.S.

Health & Welfare Benefits

• Medical/Rx Insurance
• Dental Insurance
• Vision Insurance
• Flexible Spending Accounts
• Commuter Spending Accounts
• Fertility & Family Forming Benefits
• On-demand mental health support and Employee Assistance Program
• Global Travel Medical Insurance

Financial Benefits

• Short and Long Term Disability Insurance
• Life & Accident Insurance
• 401(k) Retirement Savings Plan
• Employee Stock Participation Plan

Time Off

• Flexible paid time off covering vacation and sick leave
• Leave programs, including parental, pregnancy health, medical, and bereavement leave

• Join an industry with massive socio, economic, and political importance in the 21st century
• Work alongside some of the best and the brightest minds in the security industry
• Work with prominent clients and help them solve hard security problems
• Leave an indelible mark on a company where individual input has real impact
• Align your career trajectory with a hyper-growth company that is on the move

• Provide technical assistance on challenging security projects for our customers
• Develop custom methodologies, payloads, exploits, and tools to ensure project success
• Learn as much as possible about the industry and the work we do

• Demonstrated passion for cybersecurity
• BS in computer science, engineering, mathematics, or physics

• Software development or information systems exposure
• Internships with high-tech companies
• Internships with start-up companies
• Capture-the-flag, CCDC, or other security related competitions
• OSCP, OSCE, OSEE, or OSWE certifications

• Fanatical passion for cybersecurity and the challenges it presents
• Customer centric focus with an obsessive need to wow and delight each client
• Ability to maintain high levels of output and work ethic
• Personable individual who enjoys working in a team-oriented environment
• Self-starter and independent learner that is able to spin up quickly

Company Summary

Bugcrowd is the world’s #1 crowdsourced security company. Our award-winning platform combines actionable, contextual intelligence with the skill and experience of the world’s most elite hackers to help leading organizations solve security challenges, protect customers, and make the digitally connected world a safer place.

Job Summary 

The Security Engineer’s role is to aid the security efforts of Bugcrowd, while proactively making changes to further improve our security posture. 

To achieve this goal, we require a motivated team member who is willing to push their own boundaries and step out of their comfort zone.You will be challenged on a regular basis, especially because you are the last line of defense for one of the largest crowdsourced security platforms! The Security Engineer will provide mentoring to multiple junior security engineers and will work closely with other team members on a daily basis. 

Essential Duties and Responsibilities

Aiding within the Incident Response process

Threat hunting

Developing patches and security controls within a Ruby on Rails application, Golang application, and Kotlin application

Communicating across multiple teams converting technical knowledge into palatable words for multiple audiences. 

Significant familiarity with AWS and network security controls

Identifying vulnerability root causes

Performing basic risk assessments and triaging

Educating developers on security best practices

Architecting solutions with developers to remediate any security concerns

Performing basic red team assessments (including but not limited to phishing, vishing, spoofing technologies, etc.)

Testing new features within the platform and services

Automating security tasks to increase workflow efficiency

Mentoring other team members

Education

The Security Engineer will have 3 - 5+ years of experience in a similar role or its equivalent.

Knowledge, Skills, and Abilities

 Experience with writing IR plans and operating within an IR practice (experience responding to incidents)

Working knowledge of Threat Intelligence and how it can be used to proactively create security controls (automation)

Familiarity with Pentesting techniques and OWASP Top 10

Ability to understand a vulnerability and work with developers to patch it

Scripting knowledge in at least one of: Bash, Python, JavaScript, Ruby

Self motivated and organized - must be able to operate from a calendar and be punctual

Cloud security experience or holds cloud certifications (AWS strongly preferred)

Experience with Identity and Access Management (IAM) controls

Ability to work autonomously within a global company, and critically think without intervention

Familiarity with git

Familiarity with a ticketing system / issue tracking system is a must (e.g: Jira)

Pay Range Disclosure:The base pay range for this role takes into account the wide range of factors that are considered in making compensation decisions, including but not limited to Qualifications, Geographical Location, Education/certifications, Experience, Skill Sets, Training, and other business and organizational needs. 

A reasonable estimate of the current range for the position of Security Engineer base is: $87,000- $106,000

This position may also be eligible to participate in a discretionary bonus program or commission plan, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

Culture

At Bugcrowd, we understand that diversity in the workplace is vital to a company’s success and growth. We strive to make sure that people are included and have a sense of being part of making Bugcrowd not only a great product but a great place to work.

We regularly hear from both customers and researchers that Bugcrowd feels like a family, and we strive to maintain that internally as well.

Our team consists of a broad range of people: musicians, adventure sports junkies, nature lovers, parents, cereal enthusiasts, night owls, cyclists, artists—you get the point.

At Bugcrowd, we are solving security threats and vulnerabilities that are relevant to everyone, therefore we believe solving these problems takes all kinds of backgrounds. We value the perspectives and experiences people from underrepresented backgrounds bring. We are a supportive & collaborative team who understand that reaching Bugcrowd’s potential depends on the happiness of the employee.

Disclaimer

This position has access to highly confidential, sensitive information relating to the technologies of Bugcrowd. It is essential that the applicant possess the requisite integrity to maintain the information in the strictest confidence.

The company is authorized to obtain background checks for employment purposes under state and federal law. Background checks will be conducted for positions that involve access to confidential or proprietary information (including trade secrets).

Background checks may include Social Security verification, prior employment verification, personal and professional references, educational verification, and criminal history. Applicants with conviction histories will not be excluded from consideration to the extent required by law.

Equal Employment Opportunity:

Bugcrowd is EOE, Disability/Age Employer. 

Individuals seeking employment at Bugcrowd are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. 

Apply at: https://www.bugcrowd.com/about/careers/

The Principal Engineer, Network Security assists the Director, Network & Security Engineering, implementing and operating various cybersecurity controls for the league-wide cybersecurity program and stadium wireless consortium.

MAJOR RESPONSIBILITIES

• Apply and obey applicable statutes, laws, regulations, and internal policies, act with integrity and respect.

• Help install security solutions across the league that prevent security incidents and improve availability and integrity across wired, wireless, and virtual networks.

• Evaluate budget proposals and financial requests for viability

• Create playbooks for security procedures, document configurations, and research and communicate best practices to MLB and its Clubs.

• Devise, plan, deploy, and improve wired and wireless networks by collaborating with vendors, managers, and other engineers.

• Develop new approaches and countermeasures for emerging threats to devices and systems.

REQUIREMENTS

• Ability to execute tasks with high accuracy and thoroughness, maintain confidentiality while dealing with sensitive information.

• Completed a Master's or Bachelor's degree in Information Technology, Information Security, Cybersecurity, Computer Science, a related field or equivalent experience.

• Strong knowledge of networking concepts, including topology, IP networking, protocols, components, and principles. (e.g., L2 switching protocols, L3 routing protocols, BGP, )

• Strong knowledge of wireless networking concepts such as; Wi-Fi 6, Wi-Fi 6E, Wi-Fi 7.

• Ability to perform Wireless LAN surveys, installation and activation.

• Ability to evaluate and optimize WLAN systems using RF prediction and WLAN data collection tools.

• Strong knowledge of private cellular networks and Radio Frequency design/analysis.

• Strong verbal and written communication skills.

• Financial and analytical skills

• Ability to explain technical concepts to audiences at different levels.

• Obtained relevant WiFi certifications. (e.g., CCIE-W, ACMX, CWNA,) or can prove equal skills during an interview.

• Obtained relevant Palo Alto Networks certifications. (e.g., PCNSE, PCSAE, etc.) or can prove equal skills during an interview.

• Proficient in scripting and declarative languages is a plus. (e.g., Bash, GO, Python, HashiCorp Configuration Language HCL)

Why MLB?

Major League Baseball (MLB) is the most historic of the major professional sports leagues in the United States and Canada. Employees love working at MLB because of the culture of growth, teamwork, and professionalism. Employees who are most successful at MLB take initiative, know how to identify problems and provide solutions, and always put the Team first. For those ready to step up to the plate and join the Major Leagues, MLB takes the same approach as teams do with their players: empowering our “workforce athletes” to be at their best by engineering experiences that put employees in the best position to succeed. Major League Baseball is looking for candidates who are passionate about growing America’s pastime to best serve its fans for decades to come.

MLB’s vision is to be the global sport of choice for youth to play, fans of all backgrounds to enjoy and a desired destination for employment. With a belief that the journey to growth and greatness is ongoing, MLB gives employees the opportunity to continue learning and honing their skills with programs such as: tuition reimbursement; mentorship programs; lunch and learns; online course subscriptions; paid industry certifications; business resource groups; and more.

MLB provides its employees with exceptional medical, dental, and vision coverage. Premiums are 100% employer covered to help employees focus on being their best!

Major League Baseball is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know.

 
Are you ready to Step Up to the Plate? Apply below!

Per the NYC pay transparency law, the hiring range for this position is $140,000 to $200,000

As a candidate for this position, your salary and related elements of compensation will be contingent upon your work experience, education, skills and any other factors Major League Baseball (MLB) considers relevant to the hiring decision. In addition to your salary, MLB believes in providing a competitive compensation and benefits package for its employees. MLB offers employees a full range of best in class benefits with no employee contributions towards medical, dental, and vision coverage premiums, as well as incentive and recognition programs, life insurance and automatic employer 401k contributions. All benefits are subject to eligibility requirements and the terms of official plan documents which may be modified or amended from time to time.

About the role:

Samsara Security is looking for a Senior Threat Detection Engineer. This is a development and operations role where you will be responsible for building, deploying, and maintaining a robust threat detection and alerting pipeline. You will report to the Senior Engineering Manager of Security Detection and Response and collaborate with a global team of engineers to build a world-class security program.

We seek an individual who is passionate about building custom tools using open-source technologies, enjoys leveraging automation to enhance efficiency, and is enthusiastic about working with infrastructure-as-code and serverless technologies. As an early hire, you will play a critical role in shaping the direction of our threat infrastructure.

You should apply if:

• You want to impact the industries that run our world: Your efforts will result in real-world impact—helping to keep the lights on, get food into grocery stores, reduce emissions, and most importantly, ensure workers return home safely.
• You are the architect of your own career: If you put in the work, this role won’t be your last at Samsara. We set up our employees for success and have built a culture that encourages rapid career development, countless opportunities to experiment and master your craft in a hyper growth environment.
• You’re energized by our opportunity: The vision we have to digitize large sectors of the global economy requires your full focus and best efforts to bring forth creative, ambitious ideas for our customers.
• You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by a high-caliber team that will encourage you to do your best. 

Click here to learn about what we value at Samsara. 

In this role, you will: 

• Contribute to the detection and alerting pipeline so that our Security Operations team can quickly identify and remediate potential security threats.
• Improve availability, maintainability, and reliability of the detection pipeline.
• Develop security-focused tools and services in support of intelligence, detection, and response.
• Collaborate with Security Operations during security investigations, project work, and code pairing.
  Champion, role model, and embed Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) as we scale globally and across new offices.

Minimum requirements for the role:

• Deep subject matter expertise with security engineering best practices.
• Strong development background with experience in Python, Go and SQL.
• Strong DevOps/SRE background with experience in AWS cloud services, Terraform, Linux, Containers, EDR, Githuband modern SIEM platforms.
• Significant Splunk experience ingesting data, writing advanced queries, and building dashboards.
• Significant (4+ years) experience performing security engineering in the technology sector.

An ideal candidate also has the following:

• Experience with detections-as-code, risk-based alerting, ChatOps, and distributed alerting
• Experience creating APIs/libraries to interact with internal systems
• Experience building custom tooling and working with open-source solutions
• Experience performing attack simulations to develop new detections and validate existing detections.
• Practical experience in a FedRAMP environment