The Senior Software Engineer - Browser Extensions will own the architecture and implementation of Securly's onboard filtering engine — building a local policy cache and real-time filtering decision engine inside the Chrome extension that moves filtering decisions on-device, improving speed, reliability, and bypass resistance for millions of students on Chromebooks.
You will design and build the system that eliminates the cloud round-trip for 80% of filtering decisions: a local policy cache with delta sync, a filtering decision engine running inside the MV3 service worker, and the bypass prevention layer that ensures the security model is not exploitable.
At L5, this role carries additional strategic weight. Google's Filter and Monitor platform shift is moving ChromeOS toward native Content Filtering APIs and away from browser extensions as the primary enforcement point. You will track this transition, evaluate its implications for Securly's extension strategy, and surface architectural recommendations — not just implement the current plan.
- Own the architecture of the onboard filtering engine: local policy cache, delta sync protocol, filtering decision engine, and bypass prevention layer.
- Architect and implement the local policy cache: delta sync protocol, TTL management, cache invalidation logic, and graceful cloud fallback.
- Build the onboard filtering decision engine in the MV3 service worker: domain matching, URL categorization, iframe detection using DOM context, and allow/block decisions.
- Implement and harden bypass prevention: same-origin policy, CSP, CORS, iframe sandboxing, content script/page context boundaries, and timing-based attack vectors.
- Track Google's Filter and Monitor platform evolution (ChromeOS Content Filtering APIs); write architectural memos evaluating implications for Securly's extension strategy.
- Lead the transition and implementation of new filtering features using TypeScript and modern JavaScript within the MV3 framework.
- Optimize extension performance to add negligible latency on consumer-grade student Chromebook hardware; define and enforce performance budgets.
- Mentor Ashish M (L4) and new extension hires: substantive code reviews, pair on security model design, drive team understanding of bypass threat vectors.
- Manage chrome.storage.local within platform limits; evaluate IndexedDB for policy cache requirements that exceed those limits.
- TypeScript & JavaScript mastery — expert-level: async/await, Promises, event-driven architecture, memory management in long-running service workers. 5+ years at this level.
- Chrome Extension development (MV3) — deep production experience with Manifest V3, service workers, content scripts, chrome.storage, and declarativeNetRequest / webRequest APIs.
- Browser security model — thorough understanding of same-origin policy, CSP, CORS, iframe sandboxing, and the content script/page context boundary.
- Security-first architecture — proven ability to enumerate attack surfaces before writing the first line of code. L5 means you define the threat model.
- Local caching / offline-first architecture — delta sync, TTL management, cache invalidation design, chrome.storage.local limits, and IndexedDB.
- Technical communication — written ADRs, threat model documents, and platform evaluation memos that inform cross-team strategy.
- Performance profiling — Chrome DevTools profiling for extension impact on page load latency and memory on low-end Chromebook hardware.
- Web filtering / content classification — URL categorization, domain matching, iframe content detection, allow/block decision logic.
- Google Filter and Monitor platform — awareness of ChromeOS Content Filtering API direction and strategic implications for extension-based filtering products.
- ChromeOS / Google Admin Console — enterprise extension management, force-install behavior, Chrome policy effects on extension runtime.
- Test automation (extension testing) — Puppeteer, Playwright, or Selenium with extension loading.
- Kotlin — relevant if contributing to mobile filtering work alongside the Android engineering team.
- K-12 EdTech domain — familiarity with how schools manage Chromebook fleets and student filtering compliance requirements.
- You know how browsers actually work — not just the APIs, but the security model, the process model, and the specific ways students try to break it.
- You have shipped production Chrome extensions at scale and know what service worker memory management means on a 4GB Chromebook.
- You track platform shifts (Google F&M, ChromeOS Content Filtering API) and understand what they mean for your system's architecture.
- You produce written artifacts (ADRs, threat models, platform memos) that document your reasoning for the team and for leadership.
- You write TypeScript that other senior engineers learn from, and your code reviews raise the floor for the engineers around you.
L5 at Securly is a Staff Engineer. You are the technical owner, not just an implementer.
- Drive technical direction for your initiative end-to-end: from architecture to production, with minimal oversight from your engineering manager.
- Identify and resolve ambiguity in requirements, system boundaries, and design tradeoffs without waiting for a fully-formed spec.
- Mentor L3/L4 engineers on the team: code reviews, design feedback, pairing, and raising the bar for what production-quality work looks like.
- Partner with your L6 technical lead and the Distinguished Engineer on architectural decisions, surfacing tradeoffs clearly rather than deferring them upward.
- Contribute to cross-team engineering standards: you are expected to influence practices beyond your immediate squad.
- Translate technical context into clear written artifacts that non-engineers (PM, Support, Leadership) can act on.
- Participate in on-call rotation and own the full incident lifecycle for your system: detection, diagnosis, resolution, and retrospective.
Securly processes over 1.1 billion requests per day and 54 TB of data daily, protecting more than 20 million students across 20,000+ schools globally. Since pioneering the first cloud-based web filter for K-12 in 2013, Securly has built one of the most trusted, high-scale platforms for student safety, wellness, and engagement. By turning data into meaningful, actionable intelligence, Securly enables schools to identify risk earlier, reduce harmful incidents, and strengthen student support.
We are proud to be consistently recognized as a Top Place to Work, named a Top 40 Most Used EdTech platform, and included on the GSV 150 list as one of the most transformational growth companies in digital learning and workforce skills.
- Comprehensive Health Insurance (employee, parents, spouse, children)
- Accidental & Term Life Insurance
- Learning & Development reimbursement
- Paid Time Off
- Public Holidays (10+ per year)
- Retirement Benefits (EPF & gratuity)
- Parental Leave (as per statutory norms)
Securly is an Equal Opportunity Employer committed to inclusion, fairness, and respect. We welcome applicants from all backgrounds, identities, and experiences. #LI-REMOTE #LI-DO1
Skills Required
- Expert-level TypeScript & JavaScript proficiency - 5+ years
- Deep production experience with Chrome Extensions (MV3)
- Thorough understanding of the browser security model
- Proven ability in security-first architecture
- Experience with local caching / offline-first architecture
- Strong technical communication skills with writing ADRs and threat models
Securly Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Securly and has not been reviewed or approved by Securly.
-
Leave & Time Off Breadth — Unlimited PTO, a paid winter break, and a broad holiday schedule provide ample time away. Feedback suggests this breadth supports work-life balance across teams.
-
Parental & Family Support — Fully paid parental leave for birth, adoption, and fostering is available. Feedback suggests this level of family support is competitive for a mid-size tech employer.
-
Healthcare Strength — Company-sponsored medical, dental, and vision start shortly after hire, complemented by free, confidential mental health resources. Feedback suggests multiple plan options and counseling access bolster overall wellbeing.
Securly Insights
What We Do
Securly is the market leader in AI-powered student safety and wellness solutions, trusted by over 20 million students across 20,000+ schools worldwide. We believe every child deserves a learning environment that is safe, supportive, and free from harm or distraction. Since launching the world’s first cloud-based web filter for K–12 in 2013, Securly has been on a mission to redefine what technology can do for student well-being. Today, our award-winning platform uses AI and human insight to keep students safe online, identify signs of bullying, self-harm, or violence, and empower schools to take proactive, compassionate action. From web filtering and classroom management to mental health support and 24/7 human-verified alerts, our solutions protect, guide, and uplift students every day. Our technology has been credited with preventing more than 2,000 potential tragedies—proof of our commitment to making a life-changing impact at scale. Operating with the innovation and agility of a startup and the reach of a tech giant, Securly continues to lead the EdTech industry in shaping the future of student wellness, safety, and engagement. We’re proud to be recognized as a Top Place to Work, an EdTech Top 40 company, and one of the most widely adopted K–12 platforms in the U.S. At Securly, we don’t just build products—we build trust. We partner with educators, counselors, and administrators nationwide to create digital and physical spaces where students can learn, grow, and thrive.
Why Work With Us
Securly blends purpose and innovation—protecting 20M+ students with AI-powered solutions. Our people thrive: 82% engagement (vs. 73% global), 94% proud to work here, and 91% rate manager effectiveness above benchmarks. We grow from within, value learning, and turn innovation into impact.
Gallery
