Role: Software Engineer - Chrome Extension Specialist (JavaScript)
JD:
Key Responsibilities
Chrome Extension Development
Design and develop a full-featured Chrome Extension for credential management
Implement secure local and cloud-based password storage with end-to-end encryption
Create intuitive user interfaces for password capture, autofill, and credential management
Develop password generation features with customizable complexity rules
Build secure password sharing and organizational vault capabilities
Implement browser auto-fill functionality across various web applications and authentication
flows
FIDO2 & Authentication
Integrate FIDO2/WebAuthn soft token storage and management capabilities
Implement secure key generation, storage, and authentication flows for FIDO2 credentials
Develop features for managing multiple FIDO2 authenticators per user
Ensure compliance with FIDO2 specifications and security best practices
Implement biometric authentication integration where applicable
Backend Integration
Design and implement secure RESTful APIs between the Chrome Extension and Java/Tomcat backend
Implement secure session management and token-based authentication
Develop synchronization mechanisms for credential data across devices
Create robust error handling and recovery mechanisms
Implement audit logging for security-critical operations
Security & Compliance
Implement industry-standard encryption protocols (AES-256, RSA, etc.) for data protection
Ensure secure storage practices using Chrome Extension storage APIs
Conduct security reviews and threat modeling for all features
Implement secure key derivation and management practices
Follow OWASP guidelines and secure coding practices
Ensure compliance with relevant security standards and regulations
Quality & Performance
Write clean, maintainable, and well-documented code
Develop comprehensive unit and integration tests
Optimize extension performance to minimize resource consumption
Implement robust error handling and logging mechanisms
Participate in code reviews and contribute to technical documentation
Required Qualifications
Technical Skills
5+ years of professional software development experience
3+ years of hands-on experience developing Chrome Extensions with manifest V3
Expert-level proficiency in JavaScript/TypeScript, HTML5, and CSS3
Strong understanding of Chrome Extension APIs (storage, identity, webRequest, etc.)
Experience with modern JavaScript frameworks (React, Vue, or Angular)
Solid understanding of cryptography principles and secure coding practices
Experience with WebAuthn/FIDO2 standards and implementation
Proficiency in RESTful API design and consumption
Experience with version control systems (Git)
Backend Knowledge
Understanding of Java web application architecture
Experience integrating with Java-based REST APIs
Familiarity with Tomcat or similar application servers
Knowledge of JWT, OAuth 2.0, and session management
Security Expertise
Deep understanding of browser security models and Content Security Policy (CSP)
Knowledge of encryption algorithms and secure key management
Experience implementing secure data storage and transmission
Understanding of authentication and authorization protocols
Familiarity with security testing tools and methodologies
Soft Skills
Strong problem-solving and analytical abilities
Excellent communication skills for cross-functional collaboration
Ability to work independently and as part of a team
Detail-oriented with strong focus on code quality and security
Ability to handle multiple priorities in a fast-paced environment
Preferred Qualifications
Bachelor & degree in Computer Science, or Engineering
Interest in application of Generative AI / Machine Learning
Experience with password manager architecture and design patterns
Previous work on enterprise IAM solutions
Knowledge of SAML, OpenID Connect, or other SSO protocols
Experience with automated testing frameworks (Jest, Mocha, Selenium)
Familiarity with CI/CD pipelines and DevOps practices
Contributions to open-source security projects
Certifications such as CEH, CISSP, or similar security credentials
Experience with browser extension security audits and penetration testing
Knowledge of Singapore & cybersecurity regulatory landscape (PDPA, CSA guidelines)
Technical Environment
Frontend: JavaScript/TypeScript, HTML5, CSS3, Chrome Extension APIs
Backend: Java, Tomcat, RESTful APIs
Security: FIDO2/WebAuthn, PQC, AES-256, RSA, PKI
Tools: Git, JIRA, modern IDE (VS Code, IntelliJ)
Standards: OWASP, FIDO Alliance specifications, W3C WebAuthn