Browser Security Engineer
Role summary
Comet is seeking a Browser Security Engineer to lead and own browser-specific security initiatives, focusing on custom Chromium development, extension security, and cross-device features. This role involves leading threat modeling and security architecture reviews, proactively identifying and mitigating browser vulnerabilities, and serving as the security expert for topics like SOP, XSS, sandboxing, and extension permissions. The engineer will also triage and resolve vulnerabilities from external researchers and the Chromium community, while developing security best practices and tooling for product and engineering teams. The position offers the opportunity to shape security strategy for a next-generation browser product and work on challenging problems at the intersection of custom Chromium engineering, browser extensions, and mobile security.
About The Role
As Comet continues to grow as a stand-alone product and codebase, we are seeking a Browser Security Engineer to lead and own browser-specific security initiatives, including custom Chromium development, extension security, and cross-device features.
- Browser/Chromium Security: Browser security encompasses threats and vulnerabilities (e.g., XSS and Same-Origin Policy issues).
- Custom Engineering: The Comet product features substantial custom work, including our Chromium fork, browser extensions, and secure sync features between devices.
- Proactive Partnership: As Comet’s complexity grows, a dedicated security engineer embedded with the product team will enable us to proactively identify and address concerns—well before red-teaming or external audits.
What You’ll Do
- Lead threat modeling and security architecture reviews for all Comet browser surfaces.
- Collaborate closely with product and engineering teams to proactively identify and mitigate browser vulnerabilities, especially issues specific to custom Chrome engineering and browser extension architecture.
- Develop security best practices, tooling, and documentation for engineers building browser-facing features.
- Serve as the security expert for topics such as Same-Origin Policy (SOP), XSS, sandboxing, browser extension permissions, and secure inter-device communication.
- Triage and resolve vulnerabilities found by external researchers (e.g., bug bounty, red-teaming partners) and the Chromium community.
- Build strong relationships with security partners and leverage their feedback for continuous improvement.
- Stay up to date on emerging browser security threats, tools, and industry trends.
What We're Looking For
- Prior experience in browser, application, or product security (ideally with Chrome/Chromium or other browser engine experience).
- Deep knowledge of modern browser architectures; understanding of XSS, CSP, sandboxing, extension security, and WebView-specific threats.
- Experience with security reviews and threat modeling for web, mobile, and extension platforms.
- Ability to work cross-functionally with engineers, product leads, and external security researchers.
Nice to Have
- Contributions to open-source browser projects, security research, or participation in bug bounty programs.
- Experience with web and mobile threat modeling.
- Familiarity with secure sync and cross-device communication mechanisms.
- Track record of proactive security work embedded within product teams.
Why Join Us?
- Shape security strategy for a next-generation browser product.
- Work on challenging problems at the intersection of custom Chromium engineering, browser extensions, and mobile security.
- Collaborate with top engineers in an environment that prioritizes security and product excellence.
Compensation Range: $220K - $405K