Skip to content
DuckDuckGo

Senior Web Security Engineer, Browser Platform

179k – 179kUnited StatesRemote7+ YOE
Summary

Conducts browser security audits, implements SERP mitigations like XSS prevention, manages SAST/DAST infrastructure, and leads red-team operations. Requires 7+ years in web security, advanced JavaScript, WebView experience, and vulnerability exploitation skills.

About the role

Responsibilities

  • Conduct browser security audits (special pages, DuckAI integrations, password manager, etc.)
  • Execute SERP security mitigations (XSS prevention, tooling development to help engineers write safer code)
  • Manage application security scanning infrastructure setup (SAST/DAST integrations in GitHub)
  • Deliver internal red-team operations (simulated attack scenarios)
  • Support security triage and incident detection/response
  • Work on general security related projects

Requirements

  • 7+ years of experience in web or application security (security assessments, vulnerability research, penetration testing, secure code review)
  • Advanced programming or scripting experience with JavaScript
  • Experience with at least one WebView technology (WebKit, WebView2, Chromium WebView) and understanding of browser security models (SOP, CSP, CORS, SameSite cookies)
  • Hands-on experience identifying and exploiting web vulnerabilities (XSS, CSRF, injection attacks, authorization flaws)
  • Familiarity with security testing tools and frameworks
  • Experience partnering with Product Engineers, advising on security matters

Nice-to-Haves

  • Experience with stack: Swift, Kotlin, C#, JavaScript (native apps), JavaScript, Perl, Go (search)
  • Experience shaping organization-wide security best practices and processes

Compensation

  • $178,500 USD annually and stock options
Skills
JavaScriptWebKitWebView2Chromium WebViewSOPCSPCORSSameSite cookiesXSSCSRFSASTDASTGitHubpenetration testingvulnerability research
Similar roles at this salary range
All Security Engineering jobs →
Doppel

Product Security Engineer

Product Security Engineer embedding into engineering workflows to conduct architecture reviews, threat modeling, and penetration testing coordination while serving as GCP security SME. Requires 5-7 years experience and strong GCP and Python skills.

175k – 200kUnited StatesSecurity EngineeringRemote5+ YOEGCPIAM
Instacart

Senior Product Security Engineer II

Senior security engineer focused on offensive security testing, penetration testing, and scaling security practices across Instacart's product suite. Requires 7+ years in security engineering or pentesting with experience in mobile, cloud, or AI security.

192k – 243kUnited StatesSecurity EngineeringRemote7+ YOEAI SecurityCloud Security
Crusoe

Senior Software Engineer, Security

Design, build, and deploy scalable security services, PKI, and secrets management platforms. Implement automation to eliminate manual security risk remediation across enterprise infrastructure.

175k – 210kSan Francisco, CASecurity EngineeringOn-site5+ YOEGoAWS
Temporal

Senior Security Engineer, GRC

Senior GRC engineer owning customer security questionnaires, compliance automation, risk assessments, and policy management across SOC 2, ISO 27001, and HIPAA. Requires 8+ years experience, scripting skills, and strong customer-facing communication.

180k – 225kUnited StatesSecurity EngineeringRemote8+ YOEBashCISM
Sigma

Senior Security Engineer

Senior Security Engineer building and scaling security platforms, AI/LLM security controls, detections-as-code, and automation across cloud and SaaS environments. Requires 5+ years hands-on security engineering experience and strong Python/cloud skills.

175k – 220kSan Francisco, CASecurity EngineeringOn-site5+ YOEAWSGCP
Apply