Job Description
ABOUT THE ROLE
As Comet continues to grow as a stand-alone product and codebase, we are seeking a Browser Security Engineer to lead and own browser-specific security initiatives, including custom Chromium development, extension security, and cross-device features.
- Browser/Chromium Security: Browser security encompasses threats and vulnerabilities (e.g., XSS and Same-Origin Policy issues).
- Custom Engineering: The Comet product features substantial custom work, including our Chromium fork, browser extensions, and secure sync features between devices.
- Proactive Partnership: As Comet’s complexity grows, a dedicated security engineer embedded with the product team will enable us to proactively identify and address concerns—well before red-teaming or external audits.
WHAT YOU’LL DO
- Lead threat modeling and security architecture reviews for all Comet browser surfaces.
- Collaborate closely with product and engineering teams to proactively identify and mitigate browser vulnerabilities, especially issues specific to custom Chrome engineering and browser extension architecture.
- Develop security best practices, tooling, and documentation for engineers building browser-facing features.
- Serve as the security expert for topics such as Same-Origin Policy (SOP), XSS, sandboxing, browser extension permissions, and secure inter-device communication.
- Triage and resolve vulnerabilities found by external researchers (e.g., bug bounty, red-teaming partners) and the Chromium community.
- Build strong relationships with security partners and leverage their feedback for continuous improvement.
- Stay up to date on emerging browser security threats, tools, and industry trends.
WHAT WE'RE LOOKING FOR
- Prior experience in browser, application, or product security (ideally with Chrome/Chromium or other browser engine experience).
- Deep knowledge of modern browser architectures; understanding of XSS, CSP, sandboxing, extension security, and WebView-specific threats.
- Experience with security reviews and threat modeling for web, mobile, and extension platforms.
- Ability to work cross-functionally with engineers, product leads, and external security researchers.
NICE TO HAVE
- Contributions to open-source browser projects, security research, or participation in bug bounty programs.
- Experience with web and mobile threat modeling.
- Familiarity with secure sync and cross-device communication mechanisms.
- Track record of proactive security work embedded within product teams.
WHY JOIN US?
- Shape security strategy for a next-generation browser product.
- Work on challenging problems at the intersection of custom Chromium engineering, browser extensions, and mobile security.
- Collaborate with top engineers in an environment that prioritizes security and product excellence.