Senior Web Security Engineer, Browser Platform

New

DuckDuckGoCybersecurity

RemoteFull-TimeSenior

Salary$178.5K; $178.5K • Offers Equity; Annual Compensation: Annual Compensation $178.5K • Offers Equity

Apply NowOpens the employer's application page

Job Details

7+ years of experience in web or application security (security assessments, vulnerability research, penetration testing, or secure code review).
Advanced programming or scripting experience with JavaScript.
Experience with at least one WebView technology (WebKit, WebView2, Chromium WebView, etc.).
Understanding of browser security models including SOP, CSP, CORS, and SameSite cookies.
Hands-on experience identifying and exploiting web vulnerabilities like XSS, CSRF, injection attacks, and authorization flaws.
Familiarity with security testing tools and frameworks.
Ability to collaborate with Product Engineers to advise on security matters.
Experience driving security best practices and improving processes across an organization.
Comfortable attending meetings on camera via video conferencing.
Ability to travel at least twice per year for company meetups (approx. 4-5 days each).
Successful completion of a background check.

Conduct browser security audits for special pages, DuckAI integrations, and password manager features.
Execute SERP security mitigations including XSS prevention and tooling development for secure code.
Manage application security scanning infrastructure setup, specifically SAST and DAST integrations in GitHub.
Deliver internal red-team operations through simulated attack scenarios.
Support security triage and advise product engineers on security best practices.

View Full Description & ApplyYou'll be redirected to the employer's site