O pozici
Hi, we're DuckDuckGo, the online protection company and remote-first team of 300+ on a mission to raise the standard of trust online. Founded in 2008 and profitable since 2014, annual revenue now exceeds $100m USD and millions use our browser on Mac , Windows , iOS , and Android , our search engine , and the DuckDuckGo subscription . Our culture of trust, inclusivity, and empowered project management underpins everything we do, where each team member takes full ownership of their projects, from scoping and execution to postmortem. If you're seeking end-to-end ownership of your work — you've come to the right place!
Co budeš dělat
- Working on the Security Functional Team, you'll play a pivotal role in ensuring our security capabilities keep pace with our rapid product development, directly protecting our users across all our products.
- You'll also maintain incident detection and response capabilities for the company, and work on general security related projects.
- Recent projects include:
- Browser security audits
- SERP security mitigations
- As a Senior Web Security Engineer, Browser Platform , you'll conduct browser security audits (special pages, DuckAI integrations, password manager, etc.), execute on SERP security mitigations (XSS prevention, tooling development to help engineers write safer code), manage application security scanning infrastructure setup (aka SAST/DAST integrations in GitHub), and deliver on Internal red-team ope
Koho hledáme
- 7+ years of experience in web or application security (performing security assessments, vulnerability research, penetration testing, or secure code review)
- Advanced programming or scripting experience with JavaScript. Any additional experience with our stack is a bonus: Swift/Kotlin/C#/JavaScript (native apps) or JavaScript/Perl/Go (search).
- Experience with at least one WebView technology (WebKit, WebView2, Chromium WebView, etc.) and understanding of browser security models (SOP, CSP, CORS, SameSite cookies)
- Hands-on experience identifying and exploiting web vulnerabilities (XSS, CSRF, injection attacks, authorization flaws, etc.)
- Familiarity with security testing tools and frameworks
- Experience partnering and collaborating with Product Engineers, advising on security matters and helping teams ship secure code faster
- Experience shaping how an organisation thinks about security - driving best practices, improving processes, and raising the bar across teams
Benefity
- Compensation: $ 178,500 USD annually and stock options. Compensation is identical within professional levels , regardless of geographic location or team. Compensation for each professional level is transparent across the organization.
- Eligibility for company-sponsored health benefits is limited to team members based in the United States. This program does not extend to team members located in other countries, such as Canada or the UK.
- Our Team Member Support Guide explains how we prioritize your wellbeing including paid parental leave, office setup, and co-working allowances.
