Senior Web Security Engineer, Browser Platform

Job not on LinkedIn

🕒 May 4

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

DuckDuckGo

WebsiteLinkedInAll Job Openings

51 - 200 employees

Founded 2008

🔒 Cybersecurity

Cybersecurity • Software

DuckDuckGo is an independent Internet privacy company dedicated to providing users with tools that enhance their online privacy. Best known for its search engine, DuckDuckGo offers a free web browser and browser extensions for iOS, Android, Mac, and Windows that include built-in privacy features such as tracker blocking, encryption, and email protection. Unlike traditional search engines and browsers that track search and browsing history, DuckDuckGo prioritizes user privacy by preventing tracking and targeted advertising. The company operates on the premise that privacy should be simple and accessible, offering a private alternative to major tech companies while remaining financially sustainable through non-invasive ads based on search results rather than personal data.

📋 Description

• Conduct browser security audits (special pages, DuckAI integrations, password manager, etc.) • Execute on SERP security mitigations (XSS prevention, tooling development to help engineers write safer code) • Manage application security scanning infrastructure setup (aka SAST/DAST integrations in GitHub) • Deliver on Internal red-team operations (simulated attack scenarios) • Support security triage • Work on general security related projects

🎯 Requirements

• 7+ years of experience in web or application security (performing security assessments, vulnerability research, penetration testing, or secure code review) • Advanced programming or scripting experience with JavaScript. Any additional experience with our stack is a bonus: Swift/Kotlin/C#/JavaScript (native apps) or JavaScript/Perl/Go (search). • Experience with at least one WebView technology (WebKit, WebView2, Chromium WebView, etc.) and understanding of browser security models (SOP, CSP, CORS, SameSite cookies) • Hands-on experience identifying and exploiting web vulnerabilities (XSS, CSRF, injection attacks, authorization flaws, etc.) • Familiarity with security testing tools and frameworks • Experience partnering and collaborating with Product Engineers, advising on security matters and helping teams ship secure code faster • Experience shaping how an organisation thinks about security - driving best practices, improving processes, and raising the bar across teams

🏖️ Benefits

• paid parental leave • office setup • co-working allowances