Browser Security Engineer

About the Role

As Comet continues to grow as a stand-alone product and codebase, we are seeking a Browser Security Engineer to lead and own browser-specific security initiatives, including custom Chromium development, extension security, and cross-device features.

• Browser/Chromium Security: Browser security encompasses threats and vulnerabilities (e.g., XSS and Same-Origin Policy issues).

• Custom Engineering: The Comet product features substantial custom work, including our Chromium fork, browser extensions, and secure sync features between devices.

• Proactive Partnership: As Comet’s complexity grows, a dedicated security engineer embedded with the product team will enable us to proactively identify and address concerns—well before red-teaming or external audits.

What You’ll Do

• Lead threat modeling and security architecture reviews for all Comet browser surfaces.

• Collaborate closely with product and engineering teams to proactively identify and mitigate browser vulnerabilities, especially issues specific to custom Chrome engineering and browser extension architecture.

• Develop security best practices, tooling, and documentation for engineers building browser-facing features.

• Serve as the security expert for topics such as Same-Origin Policy (SOP), XSS, sandboxing, browser extension permissions, and secure inter-device communication.

• Triage and resolve vulnerabilities found by external researchers (e.g., bug bounty, red-teaming partners) and the Chromium community.

• Build strong relationships with security partners and leverage their feedback for continuous improvement.

• Stay up to date on emerging browser security threats, tools, and industry trends.

What We're Looking For

• Prior experience in browser, application, or product security (ideally with Chrome/Chromium or other browser engine experience).

• Deep knowledge of modern browser architectures; understanding of XSS, CSP, sandboxing, extension security, and WebView-specific threats.

• Experience with security reviews and threat modeling for web, mobile, and extension platforms.

• Ability to work cross-functionally with engineers, product leads, and external security researchers.

Nice to Have

• Contributions to open-source browser projects, security research, or participation in bug bounty programs.

• Experience with web and mobile threat modeling.

• Familiarity with secure sync and cross-device communication mechanisms.

• Track record of proactive security work embedded within product teams.

Why Join Us?

• Shape security strategy for a next-generation browser product.

• Work on challenging problems at the intersection of custom Chromium engineering, browser extensions, and mobile security.

• Collaborate with top engineers in an environment that prioritizes security and product excellence.