Add-ons Code Security Reviewer

2 minute read

Add-ons (or “browser extensions”) are software programs, most often developed by a third party, that allow you to add features to Firefox to customize your browsing experience. With billions of downloads and millions of users every day, add-ons are a significant part of the Firefox experience.

Mozilla is looking for a Security Engineer with a keen interest for code security, bug hunting and policy compliance to join the Firefox Add-ons team,to keep users safe from malicious extensions and support developers with add-on development.

You will be engaging in special projects to increase the efficiency of our review pipeline, monitoring existing signals and create new rules to detect add-ons of interest, and take action against malicious activity on addons.mozilla.org.

As a Security Engineer, you will

  • Review add-ons submitted on addons.mozilla.org for security vulnerabilities as well as functionality and user experience flaws. Contribute to our users safety by ensuring compliance with our submission guidelines and add-on policies.
  • Assist add-on developers in resolving (compliance) questions and interact closely with a team of add-on reviewers to resolve complex ecosystem and operational issues.
  • Collaborate with the add-ons engineering team to improve review tools and automatically detect malicious behaviors on the platform.

Your Professional Profile

  • Proficiency in understanding, finding and analyzing security flaws in the web platform (JS, HTML, CSS, DOM) and strong analytical skills to effectively identify malicious behaviors from complex, obfuscated or minified code.
  • A passion for security and privacy in the web ecosystem paired with a profound understanding of the web security model.
  • A background in building or reviewing browser extensions or web applications is a plus.
  • Ability to work with command line and build tools commonly used in JavaScript environments.
  • Experience collaborating remotely and asynchronously with an international team.
  • Excellent written and verbal communication skills in English.

Things that might set you apart from other applicants:

  • Empathy for the experience of our community of users, developers, and volunteers, advocating for them based on community insights.
  • Experience with one or more of Python, Django and React.
  • Ability to create SQL queries to support metrics and analysis.

Does this sound like the right challenge for your next endeavor? We’d love to hear from you and make you a part of our team!

Apply Here