Staff Security and Privacy Engineer

About Brave: Brave is on a global mission to protect the human right to privacy online. We have built an award-winning, free web browser that blocks invasive third-party advertisements and tracker mechanisms by default, a private search engine built on a completely independent index, a browser-native crypto wallet, and an opt-in private ad network that directly rewards users for their attention. Already over 110+ million people have switched to Brave for a faster, safer, and completely private web experience. Led by co-founder and CEO Brendan Eich (the inventor of JavaScript), Brave is actively fighting back against Big Tech tracking engines to revolutionize how the decentralized web operates.

Position Overview

We are seeking a highly autonomous, code-fluent, and security-obsessed Staff Security and Privacy Engineer to join our centralized security cell under a permanent, full-time remote configuration open globally. In this high-stakes individual contributor seat, you will step up to claim absolute codebase auditing, vulnerability triage, and privacy-preserving protocol design accountability across Brave’s browser core and search engine components. Shifting completely away from routine back-office data entry transcription, basic helpdesk IT ticket routing, or consumer-facing graphic user interface design styling, you will run an active reverse-engineering, penetration testing, and cryptographic primitives laboratory—partnering closely with distributed browser developers. This position requires an engineering authority with 5+ years of software experience who reviews complex source trees fluidly natively using Cybersecurity and C++ practices, evaluates memory leaks and zero-day exploits cleanly across massive open-source systems, architectures censorship-resistant network behaviors, and drives technical security decisions confidently in a very low-meeting, highly async software culture.

Key Responsibilities

• Core Architecture Security Governance: Execute exhaustive, end-to-end security and privacy reviews across the Brave browser and Brave Search platform infrastructure natively utilizing Cybersecurity methodologies.
• Vulnerability Triage & Remediation: Manage, reproduce, and patch critical external security reports, zero-day threat disclosures, and memory-safety anomalies directly within the active repository.
• Privacy-Preserving Protocol Design: Partner cross-functionally across global engineering cells to architect, review, and implement advanced cryptographic and privacy-preserving protocol layers.
• Feature Code Engineering: Take hands-on, granular individual contributor ownership to design, develop, and ship cutting-edge web security, anonymization, and censorship-resistance capabilities.
• C++ Codebase Auditing: Dive deeply into an exceptionally large, unfamiliar, and multi-threaded source code blueprint to trace data-handling paths and enforce data protection fundamentals.
• Technical Documentation Synthesis: Create clear, precise engineering documentation, while occasionally authoring high-clarity technical blog summaries for public security visibility.

Required Skills & Qualifications

• A minimum of 5+ years of proven professional history operating inside a Security Engineering, Privacy Systems, Cloud Security, or identical software infrastructure capacity.
• Expert Low-Level Language Command: Deep, practical production proficiency writing and reviewing code solutions using C++, paired with a solid familiarity with Git and GitHub workflows.
• Expert-level, granular understanding of the modern Web Security Model (including DOM isolation, CORS, CSP rules, and multi-tenant authentication scopes) along with data protection primitives.
• Demonstrated experience in penetration testing, binary analysis, protocol verification, or advanced software security auditing.
• Outstanding written communication strengths, with an established capacity to collaborate synchronously and asynchronously with geographically distributed technical peers.
• Location Context: Position operates under 100% remote parameters open to qualified security authorities globally.

Preferred Strategic Indicators (Nice to Have)

• Prior experience contributing directly to massive open-source software distributions or participating within open-source browser development hubs (such as direct code contributions to Chromium architecture).
• Fluency or practical development comfort writing performant code using web technologies (HTML, CSS, JavaScript) or modern systems programming languages like Go and Rust.
• Deep personal alignment with privacy rights, internet anonymization layers, and anti-censorship platform engineering.

What We Offer

• Top Competitive Global Compensation: Highly competitive base salary structures tailored to top-tier security talent, supplemented by attractive benefits and robust equity avenues.
• 100% remote-first operational freedom with an elite, hyper-growth team and a truly flat corporate architecture containing no administrative commute.
• Very-Low-Meeting Culture: A modern developer ecosystem that completely rejects bloated meetings, opting instead for high-trust asynchronous text documentation and writing.
• Generous home-office technology spending stipends to optimize your remote developer security laboratory.
• Progressive Leave Infrastructure: Access to unlimited PTO models within the United States, and a highly structured 20 days + birthday leave matrix for personnel in Canada and identical global areas.
• Direct professional credentials built by engineering an award-winning web browser that shields millions of global citizens daily.