Senior Web Security Engineer, Browser Platform
DuckDuckGo
full-time
Posted on:
Location Type: Remote
Location: Remote • 🇺🇸 United States
Visit company websiteSalary
💰 $178,500 per year
Job Level
Senior
About the role
- Conduct browser security audits (special pages, DuckAI integrations, password manager, etc.)
- Execute on SERP security mitigations (XSS prevention, tooling development to help engineers write safer code)
- Manage application security scanning infrastructure setup (aka SAST/DAST integrations in GitHub)
- Deliver on Internal red-team operations (simulated attack scenarios)
- Support security triage
Requirements
- 7+ years of experience in web or application security (performing security assessments, vulnerability research, penetration testing, or secure code review)
- Advanced programming or scripting experience with JavaScript
- Experience with at least one WebView technology (WebKit, WebView2, Chromium WebView, etc.)
- Hands-on experience identifying and exploiting web vulnerabilities (XSS, CSRF, injection attacks, authorization flaws, etc.)
- Familiarity with security testing tools and frameworks
- Experience partnering and collaborating with Product Engineers, advising on security matters and helping teams ship secure code faster
- Experience shaping how an organisation thinks about security - driving best practices, improving processes, and raising the bar across teams
Benefits
- paid parental leave
- office setup
- co-working allowances
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
web securityapplication securitysecurity assessmentsvulnerability researchpenetration testingsecure code reviewJavaScriptWebView technologysecurity testing toolssecurity frameworks
Soft skills
collaborationadvisingprocess improvementbest practicescommunication