Feel good about your work again.
Senior Product Security Engineer
Location
Spain
Posted
20 hours ago
Salary
€58K - €77K / year
Seniority
Senior
Job Description
Senior Product Security Engineer
Mozilla
• Deliver major features and architectural improvements across the Add-ons stack, including automated moderation pipelines, Reviewer tools, and DevHub. • Create robust observability systems and data-backed insights. • Provide peer feedback, share knowledge and help others grow. • Improve platform reliability through deployments, monitoring, and incident response. • Help keep the platform safe and trustworthy, with attention to security and user trust. • Step in to resolve issues impacting users and developers, from small bugs to larger incidents. • Collaborate with designers, product managers, QA, and community contributors to deliver end-to-end improvements. • Contribute in the open through pull requests, code reviews, and discussions.
Job Requirements
- Experience building modern web applications.
- Strong experience with Python/Django or similar backend frameworks.
- Understanding of web security principles and practices.
- Strong collaboration and communication skills in a distributed team environment.
- Adept at navigating ambiguity, exploring solutions, and shaping direction in new problem spaces.
- Commitment to our values:
- Welcoming differences
- Being relationship-minded
- Practicing responsible participation
- Having grit
- Bonus points for:
- Experience in building automated security systems.
- Exposure to cloud infrastructure (Google Cloud or similar).
- Contributions to open source projects.
- Experience with policy-compliant ecosystem moderation tools.
Benefits
- Generous performance-based bonus plans to all eligible employees - we share in our success as one team
- Rich medical, dental, and vision coverage
- Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
- Quarterly all-company wellness days where everyone takes a pause together
- Country specific holidays plus a day off for your birthday
- One-time home office stipend
- Annual professional development budget
- Quarterly well-being stipend
- Considerable paid parental leave
- Employee referral bonus program
- Other benefits (life/AD&D, disability, EAP, etc. - varies by country)
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Security Assurance Penetration Tester
RELXLexisNexis, a part of RELX, is a leading global provider of legal, regulatory, and business information. We help customers increase productivity and improve decision-making and outcomes. Our 10,500 experts and innovative tools help us shape a better world for our customers and communities.
Role Description Are you a collaborative Penetration Tester looking to work for a mission-driven global organization? This role supports the offensive security function within Elsevier's Security Engineering team. You will perform hands-on security testing and peer review activities, validate vulnerabilities and security controls, and support the automation of security assurance processes. This is a hands-on role for a motivated security professional eager to grow in a collaborative, fast-paced environment. The Security Assurance team supports the third-party penetration testing program, security control validation, and ongoing offensive security testing activities. Responsibilities - Tracking and triaging findings from third-party assessments, ensuring timely follow-up and remediation tracking. - Collaborating with development, platform, and product teams to communicate findings, track remediation efforts, and improve overall security posture. - Facilitating post-assessment reviews and lessons learned sessions with development teams to identify recurring security issues and promote secure development practices. - Maintaining program documentation, test records, and reporting artifacts. - Conducting penetration testing of web applications, APIs, cloud environments, and internal systems, escalating complex testing scenarios as needed. - Performing peer review of penetration testing deliverables, including test plans, findings, and final reports. - Participating in scoping exercises and contributing to the selection of appropriate testing methodologies. - Supporting security assessments of GenAI-powered applications and features, including LLM integrations, RAG pipelines, and AI agents. - Assisting in testing for AI-specific vulnerabilities such as prompt injection, jailbreaking, insecure output handling, model data leakage, and training data poisoning. - Contributing to the development of internal GenAI security testing checklists and methodologies, aligned with frameworks such as OWASP Top 10 for LLMs. Qualifications - Experience in information security, penetration testing, or a related field. - Experience or coursework in software development, DevOps, or scripting is highly desirable. - At least one relevant security certification (e.g., Security+, eJPT, PNPT, CEH, or equivalent) preferred; advanced offensive security certifications such as OSCP are a plus. - Foundational understanding of web application architecture, networking, and operating system security. - Familiarity with common penetration testing tools (e.g., Burp Suite, Nmap, Metasploit, Nuclei, or equivalent). - Working knowledge of OWASP Top 10, common CVEs, and vulnerability scoring frameworks (CVSS). - Scripting ability in at least one language (Python, Bash, PowerShell, or similar); development experience is a strong plus. - Basic understanding of cloud environments (AWS, Azure, or GCP) and associated security considerations. - Exposure to SAST/DAST tools and secure code review practices is desirable. - Awareness of GenAI security risks (prompt injection, LLM abuse, insecure AI integrations). Benefits - National Base Pay Range: $71,600 - $119,400. Geographic differentials may apply in some locations to better reflect local market rates. - If performed in Colorado, the base pay range is $71,600 - $119,400. - If performed in New York, the base pay range is $78,700 - $131,400. - If performed in New York City, the base pay range is $85,900 - $143,300. - If performed in Rochester, NY, the base pay range is $71,600 - $119,400. - If performed in New Jersey, the base pay range is $84,546 - $135,054. - This job is eligible for an annual incentive bonus. Company Description Elsevier is a renowned global information analytics company that primarily focuses on providing scientific, technical, and medical (STM) research content, tools, and services. It is one of the largest publishers of academic journals and scholarly literature in the world. - Elsevier operates in various domains, including science, technology, medicine, social sciences, and more. - They publish a vast number of peer-reviewed journals covering a wide range of disciplines. - These journals act as platforms for researchers and academics to share their findings and contribute to the advancement of knowledge in their respective fields. - In addition to publishing, Elsevier offers a suite of digital solutions and services to support researchers, scientists, and professionals in their work. - They provide online platforms like ScienceDirect, Scopus, and Mendeley, which offer access to a vast repository of scholarly articles, research papers, and other scientific content.
IT Security Administrator
KBR, Inc.We deliver science, technology and engineering solutions to governments and companies around the world.
Role Description We are looking for an IT Security Administrator to join our team and be responsible for the administration of KBR's Active Directory, Azure/Entra, and other information security systems. This role will ensure that security controls, procedures, and designs are in line with established information security standards to mitigate the risk of data exposure. The IT Security Administrator will process security requests to ensure proper approvals are documented and additions or revisions are consistent with KBR's Standards. This position requires the ability to apply both standard and advanced problem-solving techniques to security challenges. - Provide IT Security and System Administration at an Enterprise Level - Create, maintain, and terminate Active Directory accounts - Apply and analyze file permissions on file servers to include AD group creation and file share folder creation - Collaborate with other teams to design and implement secure systems and solutions in line with organizational security needs - Monitor queue to resolve and troubleshoot various system access issues and fulfill security requests in an accurate and efficient manner - Identify and investigate security violations, determine causes, and execute corrective measures to prevent recurrence - Manage and monitor security events and incidents, provide incident response as needed - Participate in security audits and assessments, provide support for any required corrective actions - Maintain knowledge of the latest security trends, threats, and vulnerabilities to ensure proactive defense strategies Qualifications - Bachelor’s degree in information technology, cybersecurity, or a related field, or equivalent work experience in lieu of degree - A relevant number of years of experience in IT security or a related field - Strong knowledge of information security systems, protocols, and standards - Hands-on experience with security tools and technologies (Active Directory, Microsoft Azure/Entra, Microsoft Exchange, etc.) - Familiarity with industry-standard security frameworks and regulations (e.g., NIST, ISO 27001, GDPR, etc.) - Strong problem-solving skills and the ability to work both independently and collaboratively in a team environment - Proven ability with incident detection, response, and post-incident analysis - Capacity to communicate technical security issues to non-technical stakeholders Desired Qualifications - Relevant security certifications (e.g., CISSP, CompTIA Security+, CISM) - Cloud security and securing enterprise-level infrastructure experience - PowerShell scripting or automation for security purposes
Security Assurance Penetration Tester
ElsevierTo benefit humanity, Elsevier helps professionals and institutions advance healthcare, improve performance, and progress science. Elsevier employs approximately
Role Description Are you a collaborative Penetration Tester looking to work for a mission-driven global organization? This role supports the offensive security function within Elsevier's Security Engineering team. You will perform hands-on security testing and peer review activities, validate vulnerabilities and security controls, and support the automation of security assurance processes. This is a hands-on role for a motivated security professional eager to grow in a collaborative, fast-paced environment. The Security Assurance team supports the third-party penetration testing program, security control validation, and ongoing offensive security testing activities. Responsibilities - Tracking and triaging findings from third-party assessments, ensuring timely follow-up and remediation tracking. - Collaborating with development, platform, and product teams to communicate findings, track remediation efforts, and improve overall security posture. - Facilitating post-assessment reviews and lessons learned sessions with development teams to identify recurring security issues and promote secure development practices. - Maintaining program documentation, test records, and reporting artifacts. - Conducting penetration testing of web applications, APIs, cloud environments, and internal systems, escalating complex testing scenarios as needed. - Performing peer review of penetration testing deliverables, including test plans, findings, and final reports. - Participating in scoping exercises and contributing to the selection of appropriate testing methodologies. - Supporting security assessments of GenAI-powered applications and features, including LLM integrations, RAG pipelines, and AI agents. - Assisting in testing for AI-specific vulnerabilities such as prompt injection, jailbreaking, insecure output handling, model data leakage, and training data poisoning. - Contributing to the development of internal GenAI security testing checklists and methodologies, aligned with frameworks such as OWASP Top 10 for LLMs. Qualifications - Experience in information security, penetration testing, or a related field. - Experience or coursework in software development, DevOps, or scripting is highly desirable. - At least one relevant security certification (e.g., Security+, eJPT, PNPT, CEH, or equivalent) preferred; advanced offensive security certifications such as OSCP are a plus. - Foundational understanding of web application architecture, networking, and operating system security. - Familiarity with common penetration testing tools (e.g., Burp Suite, Nmap, Metasploit, Nuclei, or equivalent). - Working knowledge of OWASP Top 10, common CVEs, and vulnerability scoring frameworks (CVSS). - Scripting ability in at least one language (Python, Bash, PowerShell, or similar); development experience is a strong plus. - Basic understanding of cloud environments (AWS, Azure, or GCP) and associated security considerations. - Exposure to SAST/DAST tools and secure code review practices is desirable. - Awareness of GenAI security risks (prompt injection, LLM abuse, insecure AI integrations). Requirements - Experience in information security, penetration testing, or a related field. - Experience or coursework in software development, DevOps, or scripting is highly desirable. - At least one relevant security certification (e.g., Security+, eJPT, PNPT, CEH, or equivalent) preferred; advanced offensive security certifications such as OSCP are a plus. - Foundational understanding of web application architecture, networking, and operating system security. - Familiarity with common penetration testing tools (e.g., Burp Suite, Nmap, Metasploit, Nuclei, or equivalent). - Working knowledge of OWASP Top 10, common CVEs, and vulnerability scoring frameworks (CVSS). - Scripting ability in at least one language (Python, Bash, PowerShell, or similar); development experience is a strong plus. - Basic understanding of cloud environments (AWS, Azure, or GCP) and associated security considerations. - Exposure to SAST/DAST tools and secure code review practices is desirable. - Awareness of GenAI security risks (prompt injection, LLM abuse, insecure AI integrations). Benefits - U.S. National Base Pay Range: $71,600 - $119,400. Geographic differentials may apply in some locations to better reflect local market rates. - If performed in Colorado, the base pay range is $71,600 - $119,400. - If performed in New York, the base pay range is $78,700 - $131,400. - If performed in New York City, the base pay range is $85,900 - $143,300. - If performed in Rochester, NY, the base pay range is $71,600 - $119,400. - If performed in New Jersey, the base pay range is $84,546 - $135,054. - This job is eligible for an annual incentive bonus. Company Description Elsevier is a renowned global information analytics company that primarily focuses on providing scientific, technical, and medical (STM) research content, tools, and services. It is one of the largest publishers of academic journals and scholarly literature in the world. - Elsevier operates in various domains, including science, technology, medicine, social sciences, and more. - They publish a vast number of peer-reviewed journals covering a wide range of disciplines. - These journals act as platforms for researchers and academics to share their findings and contribute to the advancement of knowledge in their respective fields. - In addition to publishing, Elsevier offers a suite of digital solutions and services to support researchers, scientists, and professionals in their work. - They provide online platforms like ScienceDirect, Scopus, and Mendeley, which offer access to a vast repository of scholarly articles, research papers, and other scientific content.
Senior Security Engineer – Microsoft Purview
ResMedPioneering innovative medical device and digital health solutions that treat and keep people out of the hospital.
• Design, implement, and maintain Microsoft 365 security and compliance solutions • Safeguard sensitive data and manage access controls • Monitor compliance posture and produce actionable insights • Collaborate with IT, Legal, Risk, and Security teams • Participate in incident response and investigations • Maintain awareness of emerging Microsoft 365 compliance features



