Browser Security Engineer
About The Position
Reflectiz is a fast-growing cybersecurity company specializing in proactive website security. Our unique remote monitoring technology helps organizations reduce security, privacy, and compliance risks-protecting critical digital assets that traditional solutions can’t fully cover.
Since our founding in 2019, we’ve built a global customer base that includes Fortune 500 enterprises and leading brands across North America, EMEA, and APAC. With strong year-over-year growth and a financially solid foundation, Reflectiz offers both stability and exciting opportunities for personal and professional development. Our teams in Israel and the United States foster an inclusive, collaborative culture that combines innovation with professionalism-allowing us to consistently deliver exceptional value to our customers.
We’re looking for a hands-on Browser Security Engineer with a strong hacker mindset, someone who enjoys diving into complex systems, questioning assumptions, and breaking things to truly understand how they work.All scanning is authorized and performed on customer-owned assets or explicit allowlists. In this role, you will build and maintain a Chromium-based scanning runtime that executes and instruments JavaScript on real websites at scale. You will dive deep into server-side logic and underlying browser mechanisms, uncovering and neutralizing security risks across complex systems.
Responsibilities
- Design, build, and evolve a web scanning engine that actively probes, analyzes, and stress-tests complex web applications to uncover hidden security risks
- Develop secure, scalable backend services in Node.js and TypeScript to power large-scale scanning and analysis infrastructure
- Engineer high-performance systems optimized for heavy load, real-world traffic patterns, and adversarial environments
- Optimize performance, resilience, and security, balancing deep inspection capabilities with production-grade reliability
- Work at the runtime level (event loop, async patterns, memory management, worker threads, clustering, streams, networking, queues, retries, and backpressure) to ensure efficiency and stability
- Debug and extend Chromium-based browser internals to better understand rendering, networking, and JavaScript execution in modern web applications
- Collaborate closely with security researchers, think like an attacker, and translate offensive findings into robust defensive mechanisms
- Handle advanced web defenses including WAFs, bot managers (challenge pages, fingerprinting, behavioral detection), rate limiting, dynamic rendering, SPAs, heavy JavaScript applications, authentication flows, and geo-based restrictions
Requirements
- 3–5 years of hands-on experience building complex web applications using JavaScript/TypeScript
- Strong understanding of how browsers work (DOM, rendering flow, performance implications)
- Good understanding of web security principles and common vulnerabilities (XSS, CSRF, etc.)
- Experience working on complex production systems, with the ability to quickly grasp architectures, mentally map system components, and reason at a low level
- Experience collaborating with Technical Engineers, Customer Success, and Sales to deliver secure solutions
- Curious, investigative mindset - enjoys dissecting complex systems and understanding how things break
Advantage
- Experience with Chromium internals, enhancing low-level browser understanding for web security
- Hands-on experience with Docker and Terraform, enabling efficient deployment and infrastructure automation
- Deep familiarity with GCP services, leveraging cloud capabilities for scalable, secure backend systems
