We secure the SaaS apps companies actually run on: M365, Salesforce, and hundreds more. You’d be on the Threat product team working full-stack. That means browser extension code (content/background scripts, manifest v3, message passing), backend services chewing through millions of events, and the data pipelines feeding our detection engine. One day you’re in TypeScript debugging why a content script won’t capture form submissions on some vendor’s weird SPA. The next you’re in Python fixing a Kafka consumer that’s falling behind. Sometimes you’re in Rust optimizing a hot path in the telemetry collector.
Big current focus is shadow AI, i.e. catching when employees paste sensitive data into ChatGPT, Claude, or whatever LLM showed up this week. You’d build the systems that detect it.
Looking for ~8+ yrs experience, real browser knowledge (DOM, event loop, SPA routing, CORS, not just “I used React”), prior browser extension work, strong TypeScript, comfortable in Python, willing to write Rust, plus data-at-scale chops (event streaming, Postgres, Elasticsearch, Kafka). Bonus: AI security (prompt injection, exfiltration), detection engineering/SIEM, or security tooling.
Apply via the link above, or see all our open roles at https://www.obsidiansecurity.com/careers