Browser Security Engineer

About The Role

As Comet continues to grow as a stand-alone product and codebase, Perplexity is seeking a Browser Security Engineer to lead and own browser-specific security initiatives, including custom Chromium development, extension security, and cross-device features.

• Browser/Chromium Security: Browser security encompasses threats and vulnerabilities (e.g., XSS and Same-Origin Policy issues).
• Custom Engineering: The Comet product features substantial custom work, including our Chromium fork, browser extensions, and secure sync features between devices.
• Proactive Partnership: As Comet’s complexity grows, a dedicated security engineer embedded with the product team will enable us to proactively identify and address concerns—well before red-teaming or external audits.

What You’ll Do

• Lead threat modeling and security architecture reviews for all Comet browser surfaces.
• Collaborate closely with product and engineering teams to proactively identify and mitigate browser vulnerabilities, especially issues specific to custom Chrome engineering and browser extension architecture.
• Develop security best practices, tooling, and documentation for engineers building browser-facing features.
• Serve as the security expert for topics such as Same-Origin Policy (SOP), XSS, sandboxing, browser extension permissions, and secure inter-device communication.
• Triage and resolve vulnerabilities found by external researchers (e.g., bug bounty, red-teaming partners) and the Chromium community.
• Build strong relationships with security partners and leverage their feedback for continuous improvement.
• Stay up to date on emerging browser security threats, tools, and industry trends.

What We're Looking For

• Prior experience in browser, application, or product security (ideally with Chrome/Chromium or other browser engine experience).
• Deep knowledge of modern browser architectures; understanding of XSS, CSP, sandboxing, extension security, and WebView-specific threats.
• Experience with security reviews and threat modeling for web, mobile, and extension platforms.
• Ability to work cross-functionally with engineers, product leads, and external security researchers.

Nice to Have

• Contributions to open-source browser projects, security research, or participation in bug bounty programs.
• Experience with web and mobile threat modeling.
• Familiarity with secure sync and cross-device communication mechanisms.
• Track record of proactive security work embedded within product teams.

Why Join Us?

• Shape security strategy for a next-generation browser product.
• Work on challenging problems at the intersection of custom Chromium engineering, browser extensions, and mobile security.
• Collaborate with top engineers in an environment that prioritizes security and product excellence.

Key skills/competency

• Browser Security
• Chromium Development
• Extension Security
• Threat Modeling
• Security Architecture
• XSS
• Same-Origin Policy (SOP)
• Sandboxing
• Security Best Practices
• Vulnerability Management