About the Role
As Comet continues to grow as a stand-alone product and codebase, we are seeking a Browser Security Engineer to lead and own browser-specific security initiatives, including custom Chromium development, extension security, and cross-device features.
Responsibilities
- Browser/Chromium Security: Covers browser-specific threats and vulnerabilities (e.g., XSS and Same-Origin Policy issues).
- Custom Engineering: The Comet product features substantial custom work, including our Chromium fork, browser extensions, and secure sync features between devices.
- Proactive Partnership: As Comet’s complexity grows, a dedicated security engineer embedded with the product team will enable us to proactively identify and address concerns—well before red-teaming or external audits.
What You’ll Do
- Lead threat modeling and security architecture reviews for all Comet browser surfaces.
- Collaborate closely with product and engineering teams to proactively identify and mitigate browser vulnerabilities, especially issues specific to custom Chrome engineering and browser extension architecture.
- Develop security best practices, tooling, and documentation for engineers building browser-facing features.
- Serve as the security expert for topics such as Same-Origin Policy (SOP), XSS, sandboxing, browser extension permissions, and secure inter-device communication.
- Triage and resolve vulnerabilities found by external researchers (e.g., bug bounty, red-teaming partners) and the Chromium community.
- Build strong relationships with security partners and leverage their feedback for continuous improvement.
- Stay up to date on emerging browser security threats, tools, and industry trends.
What We're Looking For
- Prior experience in browser, application, or product security (ideally with Chrome/Chromium or other browser engine experience).
- Deep knowledge of modern browser architectures; understanding of XSS, CSP, sandboxing, extension security, and WebView-specific threats.
- Experience with security reviews and threat modeling for web, mobile, and extension platforms.
- Ability to work cross-functionally with engineers, product leads, and external security researchers.
Nice to Have
- Contributions to open-source browser projects, security research, or participation in bug bounty programs.
- Experience with web and mobile threat modeling.
- Familiarity with secure sync and cross-device communication mechanisms.
- Track record of proactive security work embedded within product teams.
Why Join Us?
- Shape security strategy for a next-generation browser product.
- Work on challenging problems at the intersection of custom Chromium engineering, browser extensions, and mobile security.
- Collaborate with top engineers in an environment that prioritizes security and product excellence.
The cash compensation range for this role is $250,000 - $350,000. Final offer amounts are determined by multiple factors, including experience and expertise, and may vary from the amounts listed above.
Equity: In addition to the base salary, equity may be part of the total compensation package.
Benefits: Comprehensive health, dental, and vision insurance for you and your dependents, plus a 401(k) plan.