Software Engineer - Chrome Extension Specialist (JavaScript)

Role: Software Engineer - Chrome Extension Specialist (JavaScript)

JD:
Key Responsibilities

Chrome Extension Development

. Design and develop a full-featured Chrome Extension for credential management

. Implement secure local and cloud-based password storage with end-to-end encryption

. Create intuitive user interfaces for password capture, autofill, and credential management

. Develop password generation features with customizable complexity rules

. Build secure password sharing and organizational vault capabilities

. Implement browser auto-fill functionality across various web applications and authentication

flows

FIDO2 & Authentication

. Integrate FIDO2/WebAuthn soft token storage and management capabilities

. Implement secure key generation, storage, and authentication flows for FIDO2 credentials

. Develop features for managing multiple FIDO2 authenticators per user

. Ensure compliance with FIDO2 specifications and security best practices

. Implement biometric authentication integration where applicable

Backend Integration

. Design and implement secure RESTful APIs between the Chrome Extension and Java/Tomcat backend

. Implement secure session management and token-based authentication

. Develop synchronization mechanisms for credential data across devices

. Create robust error handling and recovery mechanisms

. Implement audit logging for security-critical operations

Security & Compliance

. Implement industry-standard encryption protocols (AES-256, RSA, etc.) for data protection

. Ensure secure storage practices using Chrome Extension storage APIs

. Conduct security reviews and threat modeling for all features

. Implement secure key derivation and management practices

. Follow OWASP guidelines and secure coding practices

. Ensure compliance with relevant security standards and regulations

Quality & Performance

. Write clean, maintainable, and well-documented code

. Develop comprehensive unit and integration tests

. Optimize extension performance to minimize resource consumption

. Implement robust error handling and logging mechanisms

. Participate in code reviews and contribute to technical documentation

Required Qualifications

Technical Skills

. 5+ years of professional software development experience

. 3+ years of hands-on experience developing Chrome Extensions with manifest V3

. Expert-level proficiency in JavaScript/TypeScript, HTML5, and CSS3

. Strong understanding of Chrome Extension APIs (storage, identity, webRequest, etc.)

. Experience with modern JavaScript frameworks (React, Vue, or Angular)

. Solid understanding of cryptography principles and secure coding practices

. Experience with WebAuthn/FIDO2 standards and implementation

. Proficiency in RESTful API design and consumption

. Experience with version control systems (Git)

Backend Knowledge

. Understanding of Java web application architecture

. Experience integrating with Java-based REST APIs

. Familiarity with Tomcat or similar application servers

. Knowledge of JWT, OAuth 2.0, and session management

Security Expertise

. Deep understanding of browser security models and Content Security Policy (CSP)

. Knowledge of encryption algorithms and secure key management

. Experience implementing secure data storage and transmission

. Understanding of authentication and authorization protocols

. Familiarity with security testing tools and methodologies

Soft Skills

. Strong problem-solving and analytical abilities

. Excellent communication skills for cross-functional collaboration

. Ability to work independently and as part of a team

. Detail-oriented with strong focus on code quality and security

. Ability to handle multiple priorities in a fast-paced environment

Preferred Qualifications

. Bachelor & degree in Computer Science, or Engineering

. Interest in application of Generative AI / Machine Learning

. Experience with password manager architecture and design patterns

. Previous work on enterprise IAM solutions

. Knowledge of SAML, OpenID Connect, or other SSO protocols

. Experience with automated testing frameworks (Jest, Mocha, Selenium)

. Familiarity with CI/CD pipelines and DevOps practices

. Contributions to open-source security projects

. Certifications such as CEH, CISSP, or similar security credentials

. Experience with browser extension security audits and penetration testing

. Knowledge of Singapore & cybersecurity regulatory landscape (PDPA, CSA guidelines)

Technical Environment

. Frontend: JavaScript/TypeScript, HTML5, CSS3, Chrome Extension APIs

. Backend: Java, Tomcat, RESTful APIs

. Security: FIDO2/WebAuthn, PQC, AES-256, RSA, PKI

. Tools: Git, JIRA, modern IDE (VS Code, IntelliJ)

. Standards: OWASP, FIDO Alliance specifications, W3C WebAuthn