
Job Overview
Location: Remote
Job Type: Full-time
Category: Software Engineering
Date Posted: May 4, 2026
Full Job Description
📋 Description
- As a Senior Web Security Engineer on DuckDuckGo’s Browser Platform team, you will play a pivotal role in safeguarding user trust by ensuring security capabilities evolve alongside rapid product development across all DuckDuckGo products, including the privacy-focused browser, search engine, and subscription services.
- Your day-to-day responsibilities will include conducting browser security audits (covering special pages, DuckAI integrations, password manager, etc.), implementing SERP security mitigations such as XSS prevention and developing tooling to help engineers write safer code, managing application security scanning infrastructure (SAST/DAST integrations in GitHub), leading internal red-team operations through simulated attack scenarios, supporting security triage, and collaborating with product engineers to embed security best practices into development workflows.
- You’ll be part of DuckDuckGo’s Security Functional Team within a remote-first, mission-driven organization of 300+ employees committed to raising the standard of trust online. The company, founded in 2008 and profitable since 2014, generates over $100M in annual revenue and fosters a culture of ownership, inclusivity, and empowered project management where every team member drives initiatives from scoping to postmortem.
- In this role, you will deepen your expertise in web and application security, influence organizational security posture by shaping best practices and processes, gain hands-on experience with modern browser security models and WebView technologies, and contribute directly to protecting millions of users globally through proactive vulnerability identification and mitigation.
🎯 Requirements
- 7+ years of experience in web or application security, including security assessments, vulnerability research, penetration testing, or secure code review
- Advanced programming or scripting experience with JavaScript; familiarity with Swift/Kotlin/C#/Java (native apps) or JavaScript/Perl/Go (search) is a bonus
- Hands-on experience identifying and exploiting web vulnerabilities such as XSS, CSRF, injection attacks, and authorization flaws
- Experience with at least one WebView technology (WebKit, WebView2, Chromium WebView, etc.) and understanding of browser security models (SOP, CSP, CORS, SameSite cookies)
- Experience partnering with Product Engineers to advise on security matters and help teams ship secure code faster
- Experience shaping organizational security practices by driving best practices, improving processes, and raising security standards across teams
🏖️ Benefits
- $178,500 USD annual base salary plus stock options, with compensation standardized by professional level regardless of location or team
- Comprehensive wellbeing support including paid parental leave, office setup stipend, and co-working allowances as outlined in the Team Member Support Guide
- Fully remote work with flexible hours (no core hours), expecting ~40 hours/week average commitment
- Opportunity to attend two annual in-person events: an all-hands meetup and a team retreat (each 4–5 days), strongly encouraged for team connection
- Access to DuckDuckGo’s AI-assisted hiring process with human oversight, designed to streamline review while ensuring transparency and data privacy in compliance with their Recruiting Privacy Policy
About Duck Duck Go, Inc.
Internet search engine company founded in 2008 that emphasizes user privacy by not tracking search histories or creating personal profiles. Offers web search, mobile browsers, browser extensions, email protection and other privacy tools designed to block trackers and encrypt connections. Generates revenue through contextual advertising based on keywords rather than personal data. Headquartered in Paoli, Pennsylvania, the company operates as a privately held corporation focused on providing alternatives to data-driven search platforms.

