Browser Security Engineer

About The Position

Requirements

• Prior experience in browser, application, or product security (ideally with Chrome/Chromium or other browser engine experience).
• Deep knowledge of modern browser architectures; understanding of XSS, CSP, sandboxing, extension security, and WebView-specific threats.
• Experience with security reviews and threat modeling for web, mobile, and extension platforms.
• Ability to work cross-functionally with engineers, product leads, and external security researchers.

Nice To Haves

• Contributions to open-source browser projects, security research, or participation in bug bounty programs.
• Experience with web and mobile threat modeling.
• Familiarity with secure sync and cross-device communication mechanisms.
• Track record of proactive security work embedded within product teams.

Responsibilities

• Lead threat modeling and security architecture reviews for all Comet browser surfaces.
• Collaborate closely with product and engineering teams to proactively identify and mitigate browser vulnerabilities, especially issues specific to custom Chrome engineering and browser extension architecture.
• Develop security best practices, tooling, and documentation for engineers building browser-facing features.
• Serve as the security expert for topics such as Same-Origin Policy (SOP), XSS, sandboxing, browser extension permissions, and secure inter-device communication.
• Triage and resolve vulnerabilities found by external researchers (e.g., bug bounty, red-teaming partners) and the Chromium community.
• Build strong relationships with security partners and leverage their feedback for continuous improvement.
• Stay up to date on emerging browser security threats, tools, and industry trends.

Benefits

• Comprehensive health, dental, and vision insurance for you and your dependents.
• Includes a 401(k) plan.