Level Up Your Browser Security Game at Comet!
Comet is soaring, and we're looking for a passionate Browser Security Engineer to take ownership of browser-specific security initiatives. Dive deep into custom Chromium development, extension security, and secure cross-device features, shaping the future of our next-generation product.
This isn't just another security role. You'll be a key player, proactively identifying and addressing security concerns before they become critical. If you're excited about tackling complex challenges and collaborating with top-tier engineers, this is your chance to make a real impact.
What Awaits You:
Browser/Chromium Security Focus: Immerse yourself in browser security intricacies, tackling threats and vulnerabilities like XSS and Same-Origin Policy issues head-on.
Custom Engineering Playground: Explore Comet's extensive custom work, including our Chromium fork, browser extensions, and secure sync features, pushing the boundaries of what's possible.
Proactive Security Partnership: Embed yourself within the product team, proactively identifying and mitigating security risks, ensuring a secure foundation for our growing product.
Your Mission:
Spearhead threat modeling and security architecture reviews across all Comet browser surfaces.
Collaborate with product and engineering teams to proactively identify and eliminate browser vulnerabilities, particularly those unique to custom Chrome engineering and browser extension architecture.
Develop and champion security best practices, create essential tooling, and build comprehensive documentation for engineers developing browser-facing features.
Become the go-to security expert for critical areas like Same-Origin Policy (SOP), XSS, sandboxing, browser extension permissions, and secure inter-device communication.
Triage and resolve vulnerabilities discovered by external researchers (through bug bounty programs, red-teaming partnerships) and the broader Chromium community.
Forge strong relationships with security partners, incorporating their feedback to drive continuous improvement.
Stay ahead of the curve by continuously learning about emerging browser security threats, tools, and industry trends.
What You Bring to the Table:
Proven experience in browser, application, or product security (Chromium/Chrome or other browser engine expertise highly desirable).
In-depth understanding of modern browser architectures, including XSS, CSP, sandboxing, extension security, and WebView-specific threats.
Experience conducting security reviews and threat modeling for web, mobile, and extension platforms.
Exceptional ability to collaborate effectively with engineers, product leaders, and external security researchers.
Bonus Points:
Contributions to open-source browser projects, security research, or active participation in bug bounty programs.
Experience with web and mobile threat modeling methodologies.
Familiarity with secure sync and cross-device communication mechanisms.
A proven track record of proactive security work embedded within product development teams.
Why Comet?
Shape the Future: Directly influence the security strategy of a groundbreaking browser product.
Tackle Complex Challenges: Work on cutting-edge problems at the intersection of custom Chromium engineering, browser extensions, and mobile security.
Collaborate with the Best: Join a team of top-tier engineers in an environment that values security and product excellence above all else.
Compensation: The salary range for this role is $250,000 - $350,000. Final offer amounts are determined by factors including experience and expertise, and may vary from the amounts listed above.
Equity: In addition to base salary, equity may be part of the total compensation package.
Benefits: We offer comprehensive health, dental, and vision insurance for you and your dependents, along with a 401(k) plan.