We are looking for a curious, analytical, and detail‑oriented JavaScript/ Front End professional with a strong interest in understanding how malicious software operates within browser‑based applications, particularly web extensions. The ideal candidate has a solid background in code review and the ability to assess the true behavior of software beyond its declared functionality, and a strong motivation to identify security risks at scale.
This role requires a hands‑on technical profile with strong out‑of‑the‑box thinking, capable of auditing both submitted code and internal review tools to uncover potential security gaps. A proactive mindset, combined with strong analytical and investigative skills, is key to success in this position.
Key Responsibilities
- Analyze browser extension code using static and dynamic analysis techniques to identify security violations and malicious behavior.
- Perform code reverse engineering and debugging, primarily focused on JavaScript‑based front‑end technologies.
- Review extension source code to determine actual behavior versus declared functionality.
- Identify, document, and report security vulnerabilities, including impacted code areas and recommended remediation actions.
- Support the investigation and takedown of malicious browser extensions.
- Audit and assess internal review and detection tools to identify potential gaps or flaws.
- Identify emerging threat patterns and share insights with the team to improve detection capabilities.
- Define and implement rules and detection patterns to identify security violations at scale.
- Recommend and contribute to process improvements and automation to enhance efficiency and accuracy.
- Act as a technical consultant, providing guidance, clarification, and technical input to team members.
- Conduct code reviews and provide feedback aligned with secure coding best practices.
- Collaborate with cross‑functional teams and maintain clear, well‑structured technical documentation.
Required Skills
- Strong hands‑on experience with JavaScript, including advanced concepts such as closures, prototypes, variable scope, hoisting, callbacks, and object‑oriented principles.
- Proficiency in HTML and CSS.
- Solid experience in code review, with the ability to assess real behavior and intent.
- Experience working with database queries, such as SQL.
- Strong analytical mindset with curiosity and the ability to think creatively and critically.
Nice‑to‑Have Skills
- Knowledge of web application and cybersecurity fundamentals, including vulnerability assessment and remediation.
- Experience or familiarity with browser extensions and their lifecycle.
- Exposure to cybersecurity tools such as Burp Suite, Nmap, or similar open‑source tools.
- Understanding of malware categories and behaviors.
- Experience or familiarity with DAST and SAST methodologies.
- Understanding of obfuscation and de‑obfuscation techniques.
- Experience with Node.js, Webpack, and front‑end frameworks or libraries such as React, Angular, or jQuery.
- Strong experience in writing technical and security assessment reports.
