# Senior Web Security Engineer, Browser Platform

**Company:** [DuckDuckGo](https://hotfix.jobs/companies/duckduckgo)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $179k – $179k/yr
**Experience:** 7+ years
**Skills:** JavaScript, Webkit, Webview2, Chromium Webview, Sop, Csp, Cors, Samesite Cookies, Xss, Csrf, SAST, DAST, GitHub, Penetration Testing, Vulnerability Research
**Posted:** 2026-05-04

> Conducts browser security audits, implements SERP mitigations like XSS prevention, manages SAST/DAST infrastructure, and leads red-team operations. Requires 7+ years in web security, advanced JavaScript, WebView experience, and vulnerability exploitation skills.

## Job Description

## Responsibilities
- Conduct browser security audits (special pages, DuckAI integrations, password manager, etc.)
- Execute SERP security mitigations (XSS prevention, tooling development to help engineers write safer code)
- Manage application security scanning infrastructure setup (SAST/DAST integrations in GitHub)
- Deliver internal red-team operations (simulated attack scenarios)
- Support security triage and incident detection/response
- Work on general security related projects

## Requirements
- 7+ years of experience in web or application security (security assessments, vulnerability research, penetration testing, secure code review)
- Advanced programming or scripting experience with **JavaScript**
- Experience with at least one WebView technology (**WebKit**, **WebView2**, **Chromium WebView**) and understanding of browser security models (**SOP**, **CSP**, **CORS**, **SameSite cookies**)
- Hands-on experience identifying and exploiting web vulnerabilities (**XSS**, **CSRF**, injection attacks, authorization flaws)
- Familiarity with security testing tools and frameworks
- Experience partnering with Product Engineers, advising on security matters

## Nice-to-Haves
- Experience with stack: **Swift**, **Kotlin**, **C#**, **JavaScript** (native apps), **JavaScript**, **Perl**, **Go** (search)
- Experience shaping organization-wide security best practices and processes

## Compensation
- $178,500 USD annually and stock options

## Similar roles

- [Senior Privacy Engineer](https://hotfix.jobs/jobs/af26efab-7a74-424f-898f-33d11b0540df) - DuckDuckGo - Remote - $179k – $179k/yr
- [Senior AI GRC Engineer](https://hotfix.jobs/jobs/bc79b82c-a4a1-4366-9ab5-cbe8ff769336) - Vanta - Remote - $178k – $209k/yr
- [Senior GRC Engineer](https://hotfix.jobs/jobs/bfcb5755-185d-4c09-bda1-9f49a4ecb6c8) - Postman - San Francisco, CA - $180k – $200k/yr
- [Senior Application Security Engineer](https://hotfix.jobs/jobs/79016b33-ba89-41bf-b2dc-def7958e241d) - Monarch - Remote - $180k – $215k/yr
- [Senior Security Engineer, GRC](https://hotfix.jobs/jobs/8a3040c3-16a4-42c0-8c91-cbee4a8039b3) - Temporal - Remote - $180k – $225k/yr

**Apply:** https://hotfix.jobs/jobs/cd37a6f6-45a6-4782-9b1a-1d30dcb37c06
**Canonical:** https://hotfix.jobs/jobs/cd37a6f6-45a6-4782-9b1a-1d30dcb37c06