Senior Web Security Engineer

About the Role: DuckDuckGo is the online protection company on a mission to raise the standard of trust online. As a Senior Web Security Engineer on the Browser Platform, you'll play a pivotal role in ensuring security capabilities keep pace with rapid product development, directly protecting users across all products.

What You'll Do

• Conduct browser security audits for special pages, DuckAI integrations, and the password manager.
• Execute SERP security mitigations, including XSS prevention and tooling development for safer code.
• Manage application security scanning infrastructure setup (SAST/DAST integrations in GitHub).
• Deliver on internal red-team operations (simulated attack scenarios) and support security triage.
• Maintain incident detection and response capabilities for the company.

What You Bring

• 7+ years of experience in web or application security (security assessments, vulnerability research, penetration testing, or secure code review).
• Advanced programming or scripting experience with JavaScript (Swift, Kotlin, C#, Perl, or Go is a bonus).
• Experience with at least one WebView technology (WebKit, WebView2, Chromium WebView) and understanding of browser security models (SOP, CSP, CORS).
• Hands-on experience identifying and exploiting web vulnerabilities like XSS, CSRF, and injection attacks.

Benefits

• Annual Compensation: $178,500 USD plus stock options.
• Paid parental leave, office setup, and co-working allowances.
• Flexible work arrangement with no core hours (average 40 hours/week).
• 100% remote work flexibility globally (with occasional travel for team retreats).