The Browser Company is building a new browser that aims to be not just a doorway to the internet but a tool that empowers users to grow, create, and stay curious. The company needs to ensure this browser is enterprise-ready and resilient by default, addressing the security concerns of businesses and handling AI-driven risks.
Requirements
- 5+ years leading large-scale security engineering projects and shipping security features in production.
- Strong coding skills in one or more of Golang, Swift, TypeScript, or Python; comfortable working across native client and backend services.
- Proven vulnerability management execution: SCA/SBOM, code scanning/fuzzing, triage, and fast patch pipelines.
- Familiarity with client-side software development; browser or Chromium development experience is a plus.
- Familiarity with designing and working with cryptography and key management is a plus.
- Familiarity with AI/LLM security risks (prompt injection, tool-use abuse, data exfiltration) and practical guardrail patterns.
Responsibilities
- Design and ship enterprise security features in the Dia product: MDM policies/profiles, managed accounts, SSO/SAML/OIDC, SCIM provisioning, RBAC/permissions, and audit logging.
- Develop and uphold security policies and procedures across the organization, support compliance efforts, and lead incident response.
- Drive Dia’s security architecture and threat modeling across client and backend surfaces with an AI-first threat lens.
- Secure cross-device sync end-to-end: key management, encryption-at-rest/in-transit, integrity protections, recovery/rotation, and abuse prevention.
- Expand and run vulnerability management for Dia (client and services): SCA/SBOM, static/dynamic analysis, fuzzing, dependable patch pipelines, triage SLAs, and coordination with our partners to improve the bug bounty intake process.
- Harden both the client and services: sandboxing/isolation, content sanitization for untrusted web inputs, permission and capability scoping, and secure-by-default frameworks.
- Develop AI-aware defenses that make our systems intrinsically secure, with guardrails against prompt injection/jailbreaks, output filtering/policy enforcement, red teaming/adversarial testing, and incident playbooks.
Other
- Excellent cross-functional communication; able to align and coordinate across Product, Infra, IT, and Legal to deliver high-impact outcomes quickly.
- Privacy-minded with a bias for high-velocity execution and clear prioritization.
- Our team is based in North American time zones and requires that folks have 4+ hours of overlap with team members in the Eastern Time Zone.