Senior Web Security Engineer, Browser Platform

This is a fully remote position, open to applicants in United States.

📋 Description

• Perform security audits for browsers, including special pages, DuckAI integrations, and password managers.

• Implement SERP security mitigations such as XSS prevention and develop tools to assist engineers in writing more secure code.

• Oversee the establishment of application security scanning infrastructure, including SAST/DAST integrations within GitHub.

• Conduct internal red-team operations through simulated attack scenarios.

• Assist in security triage efforts.

• Engage in various security-related projects.

⛳️ Requirements

• A minimum of 7 years of experience in web or application security, including security assessments, vulnerability research, penetration testing, or secure code reviews.

• Proficient programming or scripting skills in JavaScript, with additional experience in our tech stack being advantageous: Swift/Kotlin/C#/JavaScript (for native apps) or JavaScript/Perl/Go (for search).

• Familiarity with at least one WebView technology (WebKit, WebView2, Chromium WebView, etc.) and a solid understanding of browser security models such as SOP, CSP, CORS, and SameSite cookies.

• Practical experience in identifying and exploiting web vulnerabilities including XSS, CSRF, injection attacks, and authorization flaws.

• Knowledge of security testing tools and frameworks.

• Proven experience collaborating with Product Engineers, providing security advice and assisting teams in delivering secure code efficiently.

• Demonstrated ability to influence organizational security perspectives by promoting best practices, enhancing processes, and elevating standards across teams.

🏝️ Benefits

• Paid parental leave.

• Office setup support.

• Co-working allowances.