Browser Security Engineer

ABOUT THE ROLE As Comet continues to grow as a stand-alone product and codebase, we are seeking a Browser Security Engineer to lead and own browser-specific security initiatives, including custom Chromium development, extension security, and cross-device features. - Browser/Chromium Security: Browser security encompasses threats and vulnerabilities (e.g., XSS and Same-Origin Policy issues). - Custom Engineering: The Comet product features substantial custom work, including our Chromium fork, browser extensions, and secure sync features between devices. - Proactive Partnership: As Comet’s complexity grows, a dedicated security engineer embedded with the product team will enable us to proactively identify and address concerns—well before red-teaming or external audits. WHAT YOU’LL DO - Lead threat modeling and security architecture reviews for all Comet browser surfaces. - Collaborate closely with product and engineering teams to proactively identify and mitigate browser vulnerabilities, especially issues specific to custom Chrome engineering and browser extension architecture. - Develop security best practices, tooling, and documentation for engineers building browser-facing features. - Serve as the security expert for topics such as Same-Origin Policy (SOP), XSS, sandboxing, browser extension permissions, and secure inter-device communication. - Triage and resolve vulnerabilities found by external researchers (e.g., bug bounty, red-teaming partners) and the Chromium community. - Build strong relationships with security partners and leverage their feedback for continuous improvement. - Stay up to date on emerging browser security threats, tools, and industry trends. WHAT WE'RE LOOKING FOR - Prior experience in browser, application, or product security (ideally with Chrome/Chromium or other browser engine experience). - Deep knowledge of modern browser architectures; understanding of XSS, CSP, sandboxing, extension security, and WebView-specific threats. - Experience with security reviews and threat modeling for web, mobile, and extension platforms. - Ability to work cross-functionally with engineers, product leads, and external security researchers. NICE TO HAVE - Contributions to open-source browser projects, security research, or participation in bug bounty programs. - Experience with web and mobile threat modeling. - Familiarity with secure sync and cross-device communication mechanisms. - Track record of proactive security work embedded within product teams. WHY JOIN US? - Shape security strategy for a next-generation browser product. - Work on challenging problems at the intersection of custom Chromium engineering, browser extensions, and mobile security. - Collaborate with top engineers in an environment that prioritizes security and product excellence.