Sr. Security Engineer

Remote $98k–$162k senior 1 day ago full-time quality 8.5/10

Role in brief

Brave is seeking a Senior Security Engineer to protect user privacy through security reviews, penetration testing, and code implementation for their browser and related products. This role is ideal for someone with significant experience in security engineering, C++, and AWS infrastructure security, who thrives in a remote, asynchronous environment and is passionate about privacy.

Security AuditingGitAWS Infrastructure SecuritySecurity EngineeringTechnical DocumentationChromium SecurityPenetration TestingRust ProgrammingWeb Security ModelGo ProgrammingC++ Programming

About the role

This Senior Security Engineer position involves safeguarding Brave's products and infrastructure. Key responsibilities include conducting security reviews, triaging and resolving security reports, designing and implementing security-focused code, and performing penetration tests. The role is critical for maintaining the privacy and security standards Brave promises to its users.

The successful candidate will join a fully remote team focused on innovation in online privacy. This team values independent work with minimal meetings, operating within a flat organizational structure. The role requires comfort with asynchronous communication and collaboration within a geographically distributed team.

Success in this role means effectively identifying and mitigating security vulnerabilities across Brave's diverse product ecosystem, including their browser, search engine, and crypto wallet. It involves contributing to a more secure web experience for millions of users, requiring a deep understanding of web security models and the ability to navigate complex codebases.

The salary for this position ranges from $98,000 to $162,000 USD.

Skills that matter here

  • Security Auditing: This role involves conducting security audits as part of the review process for Brave products.
  • AWS Infrastructure Security: The engineer will be responsible for securing Brave's infrastructure hosted on AWS.
  • Chromium Security: Familiarity with Chromium's architecture, especially its security aspects, is a preferred qualification for this position.
  • Penetration Testing: A core function of this role is performing penetration tests on Brave's products and infrastructure.
  • Rust Programming: Proficiency in Rust is a preferred qualification, indicating its use in some Brave projects.
  • C++ Programming: C++ proficiency is required for both implementing and reviewing code within Brave's codebase.

Who this role suits

  • A person with at least five years of experience in security engineering, comfortable with both offensive and defensive security practices.
  • Someone who can work effectively in a remote, asynchronous setting, managing their own tasks and communicating proactively.
  • An individual who is not intimidated by large, complex codebases and possesses a strong understanding of web security principles.
  • A candidate who is passionate about user privacy and open-source contributions, aligning with Brave's mission.

From the employer

Responsibilities

  • Security reviews of Brave products
  • Triaging and fixing security reports
  • Designing and implementing security-relevant code
  • Penetration tests of Brave products and infrastructure

Required qualifications

  • At least 5 years experience (or equivalent) in security engineering
  • Experience in penetration testing and/or security auditing
  • Proficiency in C++, both implementing and reviewing
  • Strong familiarity with the Web security model
  • Experience securing AWS infrastructure
  • Very comfortable working and communicating async with a geographically-distributed software development team
  • Be comfortable diving into an extremely large, unfamiliar and complex codebase
  • Be comfortable with Git and collaborating on GitHub

Preferred qualifications

  • Experience contributing to large open source codebases and/or participating in open source communities
  • Proficiency in Web technologies (HTML, CSS, JavaScript)
  • Proficiency in Go and Rust
  • DevOps experience
  • Contributions to other Web browsers
  • Familiarity with Chromium's architecture, especially security
  • Ability to write clear technical documentation and less technical writing for blog posts or public communication.
  • Be excited about privacy, anonymity, and censorship resistance!

Why Join Brave?

  • Industry-leader in privacy, with a research and engineering team that’s innovating everyday to keep people safer online and beat Big Tech
  • Highly competitive salaries & benefits, and generous home-office stipends
  • Fully remote team (no office, no commute)
  • Minimal meetings
  • Welcoming, humble, ridiculously smart teammates, and a truly flat org structure
  • Opportunity to get in early at a hyper-growth company, and revolutionize the web
  • Oh, and did we mention Brendan, our CEO & co-founder, invented JavaScript?

Questions about this role

What is the remote work policy for this role?

This is a fully remote position with no office or commute required, and the team operates asynchronously.

What level of seniority is expected for this position?

This is a senior-level position, requiring at least five years of experience in security engineering or equivalent.

What are the key technical skills required for this role?

Required skills include experience in penetration testing or security auditing, C++ proficiency, familiarity with the Web security model, and experience securing AWS infrastructure.

Similar jobs

Before you apply

  • Legitimate employers never ask you to pay anything to apply or get hired.
  • Never share seed phrases or private keys. No real job needs them.
  • Do not install software ("test tasks", "trading tools", "video call clients") sent during hiring.
  • Check that the application page's domain really belongs to Brave.