Staff Software Engineer Security

💰 $225k-$300k

Job description

Hi, we’re The Browser Company 👋 and we’re building a better way to use the internet.

Browsers are unique in that they are one of the only pieces of software that you share with your parents as well as your kids. Which makes sense, they’re our doorway to the most important things — through them we socialize with loved ones, work on our passion projects, and explore our curiosities. But on their own, they don’t actually do a whole lot, they’re kind of just there. They don’t help us organize our messy lives or make it easier to compose our ideas. We believe that the browser could do so much more — it can empower and support the amazing things we do on the internet. That’s why we’re building one: a browser that can help us grow, create, and stay curious.

To accomplish this lofty task, we’re building a diverse team of people from different backgrounds and experiences. This isn’t optional, it’s crucial to our mission, as we need a wide range of perspectives to challenge our assumptions and shape our browser through a bold, creative lens. With that in mind, we especially encourage women, people of color, and others from historically marginalized groups to apply.

About The Role

As a Staff Software Engineer, Security at The Browser Company, you will lead and ship Dia-specific security features that make the product enterprise-ready and resilient by default. This is a hands-on role focused on execution: you’ll drive the highest-impact security work across client and server surfaces, coordinate with multiple teams to sequence priorities, and continually account for AI-driven risks (prompt injection, tool abuse, data exfiltration) in every design and review. You will report to the Head of Security, working closely with Product, Infra, IT, and Legal to ship security features fast.

Overall you will…

  • Design and ship enterprise security features in the Dia product: MDM policies/profiles, managed accounts, SSO/SAML/OIDC, SCIM provisioning, RBAC/permissions, and audit logging.

  • Develop and uphold security policies and procedures across the organization, support compliance efforts, and lead incident response.

  • Drive Dia’s security architecture and threat modeling across client and backend surfaces with an AI-first threat lens.

  • Secure cross-device sync end-to-end: key management, encryption-at-rest/in-transit, integrity protections, recovery/rotation, and abuse prevention.

  • Expand and run vulnerability management for Dia (client, services): SCA/SBOM, static/dynamic analysis, fuzzing, dependable patch pipelines, triage SLAs, and coordination with our partners to improve the bug bounty intake process.

  • Harden both the client and services: sandboxing/isolation, content sanitization for untrusted web inputs, permission and capability scoping, and secure-by-default frameworks.

  • Develop AI-aware defenses that make our systems intrinsically secure, with guardrails against prompt injection/jailbreaks, output filtering/policy enforcement, red teaming/adversarial testing, and incident playbooks.

  • Establish metrics and dashboards tracking the effectiveness of our security infrastructure and programs (e.g., vuln backlog burn-down, time-to-patch, coverage of enterprise controls) to guide priority and measure impact.

Technical Projects You’ll Shape With Us…

  • Architect and deliver enterprise security features for Dia, including MDM integration, managed accounts, and advanced authentication/authorization controls.

  • Architect and implement secure cross-device syncing capabilities, focusing on cryptography, key management, and recovery processes.

  • Build and refine vulnerability management processes, including static and dynamic analysis, fuzzing, and coordination with external partners for bug bounty intake.

  • Collaborate with engineering and product teams to embed secure-by-default patterns and frameworks throughout Dia’s codebase.

  • Drive the creation and evolution of security metrics and dashboards to measure and communicate impact across the organization.

  • Join our team’s on-call rotation, helping the team keep our services reliable and responding to production and security incidents.

Qualifications

  • 5+ years leading large-scale security engineering projects and shipping security features in production.

  • Strong coding skills in one or more of Golang, Swift, TypeScript, or Python; comfortable working across native client and backend services.

  • Excellent cross-functional communication; able to align and coordinate across Product, Infra, IT, and Legal to deliver high-impact outcomes quickly.

  • Privacy-minded with a bias for high-velocity execution and clear prioritization.

  • Our team is based in North American time zones and requires that folks have 4+ hours of overlap time with team members in the Eastern Time Zone.

Experience in the below areas is not required, but would be nice to have:

  • Proven vulnerability management execution: SCA/SBOM, code scanning/fuzzing, triage, and fast patch pipelines.

  • Familiarity with client-side software development, with browser or Chromium development a plus.

  • Familiarity with designing and working with crypto and key management is a plus.

  • Familiarity with AI/LLM security risks (prompt injection, tool-use abuse, data exfiltration) and practical guardrail patterns.

Compensation and Benefits

💰 With our flexible compensation model, employees have the ability to choose the cash-to-equity ratio that best suits their individual needs. Every offer we extend includes three options: a salary-optimized offer, an equity-optimized offer, and a balanced offer.

The annual salary range for this role is $225,000-$300,000. The actual salary range offered will vary based on experience level and interview performance.

🧘🏻‍♀️ In addition to a competitive salary and equity package, we provide every employee with the following benefits:

  • comprehensive benefits package with employee medical, dental, and vision - we cover 100% of premiums for employees, and up to 95% for dependents

  • 401k plan

  • flexible vacation policy - on average, our team members take between 15-20 vacation days a year, plus federal holidays (holidays vary by location)

  • remote-friendly working environment - our core working hours are 11 AM-2 PM Eastern Time Monday-Friday

  • 12 weeks of paid parental leave

  • $1,500 USD home office stipend

  • Employees based in the US also receive additional services like free annual memberships to One Medical (where available), Talkspace, Teladoc, and HealthAdvocate

The Browser Company is a well-funded, ambitious startup of close to 100 people (and growing!) who are passionate about building great products. We are a remote-first, distributed team, with the option to work from office in Brooklyn, New York. We strongly support diversity and encourage people from all backgrounds to apply.

🚙 To read more about what we value as a company, check out Notes on Roadtrips on our blog.
