Original listing text, shown exactly as published by the company.
Competencies/Requirements
- Experience building production software, with deep, hands-on experience in browser automation (Playwright, Puppeteer, or Selenium) against real, non-trivial web applications.
- Strong TypeScript / Node.js skills and comfort living inside the headless-browser stack, including Chromium internals, the Chrome DevTools Protocol, network interception, the DOM, and JS execution contexts.
- A track record of taming flaky, stateful, JavaScript-heavy apps. You've fought SPA timing, authentication, and anti-automation defenses and won.
- Solid instincts for distributed/concurrent systems: queues, backpressure, retries, idempotency, and running many browser sessions reliably at scale.
- A bias toward determinism and debuggability, and the judgment to reach for an LLM only when a deterministic approach genuinely can't do the job.
- Ownership mentality: you are comfortable taking a critical subsystem from "works" to "works unattended, at scale, against someone else's production environment."
Desired/Nice to Have
- Experience with agentic browser frameworks (Stagehand, Browser Use, or similar) or building LLM-in-the-loop automation.
- Background in web application security or offensive tooling — familiarity with broken access control, IDOR/BOLA, SQLi, XSS, SSRF, or SSTI in the wild.
- Familiarity with graph data models (e.g., Neo4j) for representing application structure.
- Experience with large-scale crawling, endpoint discovery (e.g., parsing/analyzing client-side JS), or session/credential management for automated access.
- Comfort working in an environment where correctness against a live customer system is a hard, non-negotiable constraint.
What makes you stand out
- You’ve gone beyond using tools like Playwright or Puppeteer to actually hacking on their internals or contributing to the core.
- You’ve built browser automation at extreme scale, handling thousands of sessions against hostile, heavily-defended targets. You know exactly how systems break under pressure and have the war stories to prove it.
- You’ve successfully outmaneuvered sophisticated WAFs, anti-bot defenses, and fingerprinting mechanisms in production environments.
- You have an offensive security mindset: you don’t just navigate a web app; you actively map its attack surface and hunt for unreachable paths.
- You have battle-tested experience with LLMs in production. You understand the engineering trade-offs: knowing when AI is an asset and when it introduces unacceptable latency or nondeterminism compared to a deterministic script.
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time with or without notice.
Application Note
In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.
