Lead threat modeling and security architecture reviews for all Comet browser surfaces.
Collaborate closely with product and engineering teams to proactively identify and mitigate browser vulnerabilities, especially issues specific to custom Chrome engineering and browser extension architecture.
Develop security best practices, tooling, and documentation for engineers building browser-facing features.
Serve as the security expert for topics such as Same-Origin Policy (SOP), XSS, sandboxing, browser extension permissions, and secure inter-device communication.
Triage and resolve vulnerabilities found by external researchers (e.g., bug bounty, red-teaming partners) and the Chromium community.
Build strong relationships with security partners and leverage their feedback for continuous improvement.
Stay up to date on emerging browser security threats, tools, and industry trends.
Requirements
Prior experience in browser, application, or product security (ideally with Chrome/Chromium or other browser engine experience).
Deep knowledge of modern browser architectures; understanding of XSS, CSP, sandboxing, extension security, and WebView-specific threats.
Experience with security reviews and threat modeling for web, mobile, and extension platforms.
Ability to work cross-functionally with engineers, product leads, and external security researchers.
Contributions to open-source browser projects, security research, or participation in bug bounty programs (nice to have).
Experience with web and mobile threat modeling (nice to have).
Familiarity with secure sync and cross-device communication mechanisms (nice to have).
Track record of proactive security work embedded within product teams (nice to have).
Benefits
Full-time U.S. employees enjoy a comprehensive benefits program including equity, health, dental, vision, retirement, fitness, commuter and dependent care accounts, and more.
Full-time employees outside the U.S. enjoy a comprehensive benefits program tailored to their region of residence.