Staff Software Engineer
Remote
New York,Remote (US, Canada)
$225,000 - $300,000/yearly
Staff
Top Benefits
Choose-Your-Own Compensation Plan (salary vs equity)
Full medical, vision, dental insurance; 100% employee cost
Recommended minimum 20 days vacation per year
About the role
Who you are
- 5+ years leading large-scale security engineering projects and shipping security features in production
- Strong coding skills in one or more of Golang, Swift, TypeScript, or Python; comfortable working across native client and backend services
- Excellent cross-functional communication; able to align and coordinate across Product, Infra, IT, and Legal to deliver high-impact outcomes quickly
- Privacy-minded with a bias for high-velocity execution and clear prioritization
- Our team is based in North American time zones and require that folks have 4+ hours of overlap time with team members in Eastern Time Zone
- Proven vulnerability management execution: SCA/SBOM, code scanning/fuzzing, triage, and fast patch pipelines
- Familiarity with client side software development. With Browser or Chromium development a plus
- Familiarity with designing and working with crypto and key management is a plus
- Familiarity with AI/LLM security risks (prompt injection, tool-use abuse, data exfiltration) and practical guardrail patterns
What the job involves
- As a Staff Software Engineer, Security at The Browser Company, You will lead and ship Dia-specific security features that make the product enterprise-ready and resilient by default
- This is a hands-on role focused on execution: you’ll drive the highest-impact security work across client and server surfaces, coordinate with multiple teams to sequence priorities, and continually account for AI-driven risks (prompt injection, tool abuse, data exfiltration) in every design and review
- You will report to the Head of Security, working closely with Product, Infra, IT, and Legal to ship security features fast
- Overall you will design and ship enterprise security features in the Dia product: MDM policies/profiles, managed accounts, SSO/SAML/OIDC, SCIM provisioning, RBAC/permissions, and audit logging
- Develop and uphold security policies and procedures across the organization, support compliance efforts, and lead incident response
- Drive Dia’s security architecture and threat modeling across client and backend surfaces with an AI-first threat lens
- Secure cross-device sync end-to-end: key management, encryption-at-rest/in-transit, integrity protections, recovery/rotation, and abuse prevention
- Expand and run vulnerability management for Dia (client, services): SCA/SBOM, static/dynamic analysis, fuzzing, dependable patch pipelines, triage SLAs, and coordinate with our partners to improve bug bounty intake process
- Harden both the client and services: sandboxing/isolation, content sanitization for untrusted web inputs, permission and capability scoping, and secure-by-default frameworks
- Develop AI-aware defenses that make our systems intrinsically secure, with guardrails against prompt injection/jailbreaks, output filtering/policy enforcement, red teaming/adversarial testing, and incident playbooks
- Establish metrics and dashboards tracking the effectiveness of our security infrastructure and programs (e.g., vuln backlog burn-down, time-to-patch, coverage of enterprise controls) to guide priority and measure impact
- Technical Projects You’ll Shape With Us…
- Architect and deliver enterprise security features for Dia, including MDM integration, managed accounts, and advanced authentication/authorization controls
- Architect and implement of secure cross-device syncing capabilities, focusing on cryptography, key management, and recovery processes
- Build and refine vulnerability management processes, including static and dynamic analysis, fuzzing, and coordination with external partners for bug bounty intake
- Collaborate with engineering and product teams to embed secure-by-default patterns and frameworks throughout Dia’s codebase
- Drive the creation and evolution of security metrics and dashboards to measure and communicate impact across the organization
- Join our team’s on-oncall rotation, helping the team keep our services reliable and responding to production and security incidents
The application process
- Deadline to Apply: 30 November 2025 at 05:00 GMT
Benefits
- Choose-Your-Own-Compensation Plan: When we give you a job offer, we’ll actually give you two different offers — one that is focused on having a higher salary and one focused on higher equity. Candidates can choose either offer (or any numbers in-between) when they accept.
- Best in the Biz Insurance: We provide employees with full coverage medical, vision, and dental insurance and a free One Medical membership to help you keep you and your family healthy. We cover 100% of employee plan costs and up to 90% for dependents.
- Napping During the Workday: Some of us are better in the mornings, others are more productive in the afternoon. People should take breaks when they need to. If you’re on our team, we trust you to get your work done — our policy is: work when it makes sense for you!
- Take Time Off, Please!: We believe that people do their best work when they’ve rested and had valuable time off. So rather than having a maximum number of days off, we actually have a recommended minimum vacation of 20 days a year. Take time off when you need it and also just when you feel like it.
- Extremely Flexible Parental Leave: We are proud to offer an extremely flexible 12 weeks of parental leave — for any parent regardless of gender and for birth, adoption, surrogacy, or fostering. Take the 12 weeks all at once, or split up days to slowly transition back to work — we’re accommodating to everyone’s different situations! Birth mothers also qualify for an additional 6 weeks of medical leave.
- Design Your Dream Home Office: We are a remote first company. About half of our team currently lives outside of New York and across 5 different time zones. So if you need some stuff to make working from home a bit easier, we offer a $1000 stipend for anything you need to get comfortable.
- Cozy Office in Brooklyn, Wooo!: If you do happen to live in the New York area (or you want an excuse to visit) you can come into our beautiful office in Williamsburg. Coming into office is entirely optional, some of us come almost every day and some of us come in once a week. No obligation, we just genuinely like each other!
About The Browser Company
Software Development
51-200
The Browser Company of New York is a group of friendly humans working to make the internet feel more like home. But how?
The web browser is one of the most important tools we use — not just on our computers, but in our lives. The world has changed in the past 15 years, but our web browsers look and behave pretty much the same. We think it’s time to push the web browser forward again, which is why we built Arc — a browser that’s not just faster, but also more personal, focused, creative… and maybe even more fun.
If this is as exciting for you as it is for us, don't hesitate to say hello! We're always looking for great people to join our mission.
Staff Software Engineer
Remote
New York,Remote (US, Canada)
$225,000 - $300,000/yearly
Staff
Top Benefits
Choose-Your-Own Compensation Plan (salary vs equity)
Full medical, vision, dental insurance; 100% employee cost
Recommended minimum 20 days vacation per year
About the role
Who you are
- 5+ years leading large-scale security engineering projects and shipping security features in production
- Strong coding skills in one or more of Golang, Swift, TypeScript, or Python; comfortable working across native client and backend services
- Excellent cross-functional communication; able to align and coordinate across Product, Infra, IT, and Legal to deliver high-impact outcomes quickly
- Privacy-minded with a bias for high-velocity execution and clear prioritization
- Our team is based in North American time zones and require that folks have 4+ hours of overlap time with team members in Eastern Time Zone
- Proven vulnerability management execution: SCA/SBOM, code scanning/fuzzing, triage, and fast patch pipelines
- Familiarity with client side software development. With Browser or Chromium development a plus
- Familiarity with designing and working with crypto and key management is a plus
- Familiarity with AI/LLM security risks (prompt injection, tool-use abuse, data exfiltration) and practical guardrail patterns
What the job involves
- As a Staff Software Engineer, Security at The Browser Company, You will lead and ship Dia-specific security features that make the product enterprise-ready and resilient by default
- This is a hands-on role focused on execution: you’ll drive the highest-impact security work across client and server surfaces, coordinate with multiple teams to sequence priorities, and continually account for AI-driven risks (prompt injection, tool abuse, data exfiltration) in every design and review
- You will report to the Head of Security, working closely with Product, Infra, IT, and Legal to ship security features fast
- Overall you will design and ship enterprise security features in the Dia product: MDM policies/profiles, managed accounts, SSO/SAML/OIDC, SCIM provisioning, RBAC/permissions, and audit logging
- Develop and uphold security policies and procedures across the organization, support compliance efforts, and lead incident response
- Drive Dia’s security architecture and threat modeling across client and backend surfaces with an AI-first threat lens
- Secure cross-device sync end-to-end: key management, encryption-at-rest/in-transit, integrity protections, recovery/rotation, and abuse prevention
- Expand and run vulnerability management for Dia (client, services): SCA/SBOM, static/dynamic analysis, fuzzing, dependable patch pipelines, triage SLAs, and coordinate with our partners to improve bug bounty intake process
- Harden both the client and services: sandboxing/isolation, content sanitization for untrusted web inputs, permission and capability scoping, and secure-by-default frameworks
- Develop AI-aware defenses that make our systems intrinsically secure, with guardrails against prompt injection/jailbreaks, output filtering/policy enforcement, red teaming/adversarial testing, and incident playbooks
- Establish metrics and dashboards tracking the effectiveness of our security infrastructure and programs (e.g., vuln backlog burn-down, time-to-patch, coverage of enterprise controls) to guide priority and measure impact
- Technical Projects You’ll Shape With Us…
- Architect and deliver enterprise security features for Dia, including MDM integration, managed accounts, and advanced authentication/authorization controls
- Architect and implement of secure cross-device syncing capabilities, focusing on cryptography, key management, and recovery processes
- Build and refine vulnerability management processes, including static and dynamic analysis, fuzzing, and coordination with external partners for bug bounty intake
- Collaborate with engineering and product teams to embed secure-by-default patterns and frameworks throughout Dia’s codebase
- Drive the creation and evolution of security metrics and dashboards to measure and communicate impact across the organization
- Join our team’s on-oncall rotation, helping the team keep our services reliable and responding to production and security incidents
The application process
- Deadline to Apply: 30 November 2025 at 05:00 GMT
Benefits
- Choose-Your-Own-Compensation Plan: When we give you a job offer, we’ll actually give you two different offers — one that is focused on having a higher salary and one focused on higher equity. Candidates can choose either offer (or any numbers in-between) when they accept.
- Best in the Biz Insurance: We provide employees with full coverage medical, vision, and dental insurance and a free One Medical membership to help you keep you and your family healthy. We cover 100% of employee plan costs and up to 90% for dependents.
- Napping During the Workday: Some of us are better in the mornings, others are more productive in the afternoon. People should take breaks when they need to. If you’re on our team, we trust you to get your work done — our policy is: work when it makes sense for you!
- Take Time Off, Please!: We believe that people do their best work when they’ve rested and had valuable time off. So rather than having a maximum number of days off, we actually have a recommended minimum vacation of 20 days a year. Take time off when you need it and also just when you feel like it.
- Extremely Flexible Parental Leave: We are proud to offer an extremely flexible 12 weeks of parental leave — for any parent regardless of gender and for birth, adoption, surrogacy, or fostering. Take the 12 weeks all at once, or split up days to slowly transition back to work — we’re accommodating to everyone’s different situations! Birth mothers also qualify for an additional 6 weeks of medical leave.
- Design Your Dream Home Office: We are a remote first company. About half of our team currently lives outside of New York and across 5 different time zones. So if you need some stuff to make working from home a bit easier, we offer a $1000 stipend for anything you need to get comfortable.
- Cozy Office in Brooklyn, Wooo!: If you do happen to live in the New York area (or you want an excuse to visit) you can come into our beautiful office in Williamsburg. Coming into office is entirely optional, some of us come almost every day and some of us come in once a week. No obligation, we just genuinely like each other!
About The Browser Company
Software Development
51-200
The Browser Company of New York is a group of friendly humans working to make the internet feel more like home. But how?
The web browser is one of the most important tools we use — not just on our computers, but in our lives. The world has changed in the past 15 years, but our web browsers look and behave pretty much the same. We think it’s time to push the web browser forward again, which is why we built Arc — a browser that’s not just faster, but also more personal, focused, creative… and maybe even more fun.
If this is as exciting for you as it is for us, don't hesitate to say hello! We're always looking for great people to join our mission.