Cerby is a mission-critical cybersecurity company that empowers teams to operate securely and control their apps completely. As a Senior Software Engineer on the Extension team, you will own and scale the browser extension at the core of Cerby's platform, focusing on quality, performance, and security while collaborating with various stakeholders to deliver high-quality features.
Responsibilities:
- Build scalable, high-performance software solutions that align with business goals and user needs, leveraging AI-assisted tools and techniques as part of your engineering practice
- Work closely with product managers, engineering managers, UX designers, and other engineers to deliver high-quality features and functionality
- Write clean, maintainable, and efficient code, adhering to best practices and coding standards. Help define and promote best practices across the engineering org, including how AI tools can be responsibly and effectively integrated into development workflows
- Participate in code reviews, share knowledge with team members, and continuously improve development processes
- Champion new technologies, frameworks, and methodologies that drive innovation and product evolution, while continuously exploring ways to leverage AI in your day-to-day work to boost personal efficiency and empower those around you to do the same
- Actively contribute to our security-first approach by proactively identifying vulnerabilities and implementing robust solutions, including treating the frontend dependency ecosystem as a security surface: owning PNPM workspace governance, auditing packages for CVEs, enforcing patching SLAs, and managing supply-chain risk across transitive dependencies. Applies the same critical lens to how AI tools are adopted in development workflows, evaluating their security implications and ensuring they don’t introduce new vectors for risk
- Collaborate effectively in a remote-first environment, ensuring seamless communication and teamwork across time zones
- Demonstrates leadership and lives Cerby’s core values to achieve positive outcomes. Help cultivate an environment where experimenting with AI is encouraged, learnings are shared openly, and the team grows together
- Strong analytical and problem-solving skills with a focus on delivering high-quality solutions
- Ability to communicate complex technical concepts clearly and concisely both in written and verbal form
- Collaborate and thrive in agile teams, actively mentoring engineers, sharing knowledge across the org, and leveraging AI to accelerate documentation (runbooks, ADRs, onboarding guides, post-mortems) to free more time for the deep technical conversations that actually transfer expertise
Requirements:
- 5+ years of professional software engineering experience, with a focus on building and scaling SaaS applications
- Prior experience developing and maintaining Distributed Applications
- Previous experience mentoring junior developers and conducting security-first code reviews
- Manifest V3 service-worker model: ephemeral execution and state persistence across termination (chrome.alarms, keep-alive), plus the distributed-system concerns that come with it — cross-tab coordination, background sync, and token-refresh/session races
- Content scripts and injection into untrusted pages: isolated-world vs MAIN-world execution, Shadow DOM isolation, and MutationObserver-based DOM resilience
- Message passing across content scripts, service worker, popup/side panel, and offscreen documents, with sender/origin validation as a security boundary
- Cross-browser delivery to Chrome, Edge, Firefox, and Safari: API divergence (chrome.* vs browser.*), MV2/MV3 differences, Safari packaging, and per-store review/release (staged rollout, rollback, remote-code ban)
- Native messaging with native host applications, plus extension-specific performance (service-worker cold-start, bundle size, content-script efficiency)
- Strong React + TypeScript with utility-first CSS (e.g., TailwindCSS), building UI across extension surfaces (popup, options, side panel, in-page) that is responsive, accessible (WCAG/ARIA), and reusable via a design system
- Core frontend and browser fundamentals: browser API, client-side storage (localStorage, IndexedDB, chrome.storage), networking (fetch/XHR), and performance optimization
- Designing, consuming, and optimizing REST APIs with efficient data-fetching and caching (e.g., TanStack Query)
- Front-end security: mitigating XSS, CSRF, and CORS, and applying CSP, including the extension's own CSP model
- Modern authentication and identity: OAuth 2.0 / OIDC, SAML, SCIM, and WebAuthn / FIDO2 / passkeys; prior IAM or security experience
- Testing (unit, integration, component) and observability (metrics, traces, logs; OpenTelemetry/Datadog a plus), owning delivery end-to-end from design to production in an Agile/CI-CD environment
- Experience working with security compliance frameworks (SOC 2, GDPR, HIPPA, etc.)
- Familiarity with encryption processes and key management
- Prior experience in a venture funded high-growth SaaS startup preferred