Senior Software Engineer, Browser Automation

Horizon3 AI
$169,000 - $208,000
Remote

About The Position

We're building an autonomous, black-box web application penetration tester. It crawls and attacks real production websites the way a skilled human pentester would, finding broken access control, injection, XSS, and more, under a strict production-safe, no-false-positives mandate. The hardest part of that job isn't the exploitation. The hardest part is reliably driving a real browser through messy, modern web apps at scale: logging in, navigating SPAs, surviving anti-bot defenses, and mapping every reachable surface without getting stuck or causing harm. That's the engine you'd own.

Requirements

  • Experience building production software, with deep, hands-on experience in browser automation (Playwright, Puppeteer, or Selenium) against real, non-trivial web applications.
  • Strong TypeScript / Node.js skills and comfort living inside the headless-browser stack, including Chromium internals, the Chrome DevTools Protocol, network interception, the DOM, and JS execution contexts.
  • A track record of taming flaky, stateful, JavaScript-heavy apps. You've fought SPA timing, authentication, and anti-automation defenses and won.
  • Solid instincts for distributed/concurrent systems: queues, backpressure, retries, idempotency, and running many browser sessions reliably at scale.
  • A bias toward determinism and debuggability, and the judgment to reach for an LLM only when a deterministic approach genuinely can't do the job.
  • Ownership mentality: you are comfortable taking a critical subsystem from "works" to "works unattended, at scale, against someone else's production environment."

Nice To Haves

  • Experience with agentic browser frameworks (Stagehand, Browser Use, or similar) or building LLM-in-the-loop automation.
  • Background in web application security or offensive tooling — familiarity with broken access control, IDOR/BOLA, SQLi, XSS, SSRF, or SSTI in the wild.
  • Familiarity with graph data models (e.g., Neo4j) for representing application structure.
  • Experience with large-scale crawling, endpoint discovery (e.g., parsing/analyzing client-side JS), or session/credential management for automated access.
  • Comfort working in an environment where correctness against a live customer system is a hard, non-negotiable constraint.
  • You’ve gone beyond using tools like Playwright or Puppeteer to actually hacking on their internals or contributing to the core.
  • You’ve built browser automation at extreme scale, handling thousands of sessions against hostile, heavily-defended targets. You know exactly how systems break under pressure and have the war stories to prove it.
  • You’ve successfully outmaneuvered sophisticated WAFs, anti-bot defenses, and fingerprinting mechanisms in production environments.
  • You have an offensive security mindset: you don’t just navigate a web app; you actively map its attack surface and hunt for unreachable paths.
  • You have battle-tested experience with LLMs in production. You understand the engineering trade-offs: knowing when AI is an asset and when it introduces unacceptable latency or nondeterminism compared to a deterministic script.

Responsibilities

  • Help us grow and harden our browser automation and crawling engine, which is the layer that discovers, navigates, and interacts with target applications before and during an autonomous pentest.
  • Advance our browser-driven crawler using Playwright and Stagehand.
  • Tackle the gnarly realities of modern web apps: SPA routing and hydration timing, authenticated sessions, multi-step flows, file uploads, WebSocket/Socket.IO traffic, infinite scroll, and crawler traps.
  • Extend our agentic login and authentication capabilities, including complex auth flows, MFA/TOTP, and credentialed access reliable enough to run unattended against customer environments.
  • Improve crawl coverage, determinism, and throughput. This involves endpoint and parameter discovery, dedupe, queueing, and state management, while keeping everything production-safe and side-effect-aware.
  • Help draw the line between deterministic automation and LLM-driven navigation, applying models surgically rather than as a default, and keeping the system fast, debuggable, and cheap to run.
  • Collaborate with the attack-team engineers who consume your crawl output, and help shape the graph-backed application map the rest of the pipeline depends on.

Benefits

  • Health, vision & dental insurance for you and your family
  • A flexible vacation policy
  • Generous parental leave
  • Equity package in the form of stock options