Skip to content
DuckDuckGoDuckDuckGoUnited States

Senior Web Security Engineer, Browser Platform

Conducts browser security audits, implements SERP mitigations like XSS prevention, manages SAST/DAST infrastructure, and leads red-team operations. Requires 7+ years in web security, advanced JavaScript, WebView experience, and vulnerability exploitation skills.

179k – 179k
Remote7+ YOESecurity Engineering

About the role

Responsibilities

  • Conduct browser security audits (special pages, DuckAI integrations, password manager, etc.)
  • Execute SERP security mitigations (XSS prevention, tooling development to help engineers write safer code)
  • Manage application security scanning infrastructure setup (SAST/DAST integrations in GitHub)
  • Deliver internal red-team operations (simulated attack scenarios)
  • Support security triage and incident detection/response
  • Work on general security related projects

Requirements

  • 7+ years of experience in web or application security (security assessments, vulnerability research, penetration testing, secure code review)
  • Advanced programming or scripting experience with JavaScript
  • Experience with at least one WebView technology (WebKit, WebView2, Chromium WebView) and understanding of browser security models (SOP, CSP, CORS, SameSite cookies)
  • Hands-on experience identifying and exploiting web vulnerabilities (XSS, CSRF, injection attacks, authorization flaws)
  • Familiarity with security testing tools and frameworks
  • Experience partnering with Product Engineers, advising on security matters

Nice-to-Haves

  • Experience with stack: Swift, Kotlin, C#, JavaScript (native apps), JavaScript, Perl, Go (search)
  • Experience shaping organization-wide security best practices and processes

Compensation

  • $178,500 USD annually and stock options

Skills

JavaScriptWebkitWebview2Chromium WebviewSopCspCorsSamesite CookiesXssCsrfSASTDASTGitHubPenetration TestingVulnerability Research
DuckDuckGo

Senior Privacy Engineer

DuckDuckGoUnited States

Lead privacy engineering projects protecting user data across search, browser, and AI features. Own major privacy components, participate in audits, and mentor engineers using Go, Node.js, Python, or Perl.

179k – 179k
Remote5+ YOESecurity Engineering
Vanta

Senior AI GRC Engineer

VantaUnited States

As a Senior AI GRC Engineer, you will lead governance, risk, and compliance initiatives related to Vanta’s internal AI adoption and customer-facing AI products. You will partner with engineering teams to build and monitor scalable guardrails and champion sustainable AI usage.

178k – 209k
Remote5+ YOESecurity Engineering
Postman

Senior GRC Engineer

PostmanSan Francisco, CA

Senior GRC Engineer responsible for designing, building, and operating automation, integrations, and AI-assisted workflows across governance, risk, and compliance. Leads compliance initiatives including SOC 2, ISO 27001, HIPAA, and FedRAMP while partnering with cross-functional teams to improve security assurance and audit readiness.

180k – 200k
On-site6+ YOESecurity Engineering
Monarch

Senior Application Security Engineer

MonarchUnited States

Senior Application Security Engineer embedded with product and engineering teams at Monarch, a personal finance platform. Conduct AppSec reviews, SAST/DAST, vulnerability management, and AI security for LLM features on Django/Python stack. Requires 5+ years in security engineering with Python and web security expertise.

180k – 215k
Remote5+ YOESecurity Engineering
Temporal

Senior Security Engineer, GRC

TemporalUnited States

Senior GRC engineer owning customer security questionnaires, compliance automation, risk assessments, and policy management across SOC 2, ISO 27001, and HIPAA. Requires 8+ years experience, scripting skills, and strong customer-facing communication.

180k – 225k
Remote8+ YOESecurity Engineering