Role: Software Engineer - Chrome Extension Specialist (JavaScript)
JD:
Key Responsibilities
Chrome Extension Development
ï‚· Design and develop a full-featured Chrome Extension for credential management
ï‚· Implement secure local and cloud-based password storage with end-to-end encryption
ï‚· Create intuitive user interfaces for password capture, autofill, and credential management
ï‚· Develop password generation features with customizable complexity rules
ï‚· Build secure password sharing and organizational vault capabilities
ï‚· Implement browser auto-fill functionality across various web applications and authentication
flows
FIDO2 & Authentication
ï‚· Integrate FIDO2/WebAuthn soft token storage and management capabilities
ï‚· Implement secure key generation, storage, and authentication flows for FIDO2 credentials
ï‚· Develop features for managing multiple FIDO2 authenticators per user
ï‚· Ensure compliance with FIDO2 specifications and security best practices
ï‚· Implement biometric authentication integration where applicable
Backend Integration
ï‚· Design and implement secure RESTful APIs between the Chrome Extension and Java/Tomcat backend
ï‚· Implement secure session management and token-based authentication
ï‚· Develop synchronization mechanisms for credential data across devices
ï‚· Create robust error handling and recovery mechanisms
ï‚· Implement audit logging for security-critical operations
Security & Compliance
ï‚· Implement industry-standard encryption protocols (AES-256, RSA, etc.) for data protection
ï‚· Ensure secure storage practices using Chrome Extension storage APIs
ï‚· Conduct security reviews and threat modeling for all features
ï‚· Implement secure key derivation and management practices
ï‚· Follow OWASP guidelines and secure coding practices
ï‚· Ensure compliance with relevant security standards and regulations
Quality & Performance
ï‚· Write clean, maintainable, and well-documented code
ï‚· Develop comprehensive unit and integration tests
ï‚· Optimize extension performance to minimize resource consumption
ï‚· Implement robust error handling and logging mechanisms
ï‚· Participate in code reviews and contribute to technical documentation
Required Qualifications
Technical Skills
ï‚· 5+ years of professional software development experience
ï‚· 3+ years of hands-on experience developing Chrome Extensions with manifest V3
ï‚· Expert-level proficiency in JavaScript/TypeScript, HTML5, and CSS3
ï‚· Strong understanding of Chrome Extension APIs (storage, identity, webRequest, etc.)
ï‚· Experience with modern JavaScript frameworks (React, Vue, or Angular)
ï‚· Solid understanding of cryptography principles and secure coding practices
ï‚· Experience with WebAuthn/FIDO2 standards and implementation
ï‚· Proficiency in RESTful API design and consumption
ï‚· Experience with version control systems (Git)
Backend Knowledge
ï‚· Understanding of Java web application architecture
ï‚· Experience integrating with Java-based REST APIs
ï‚· Familiarity with Tomcat or similar application servers
ï‚· Knowledge of JWT, OAuth 2.0, and session management
Security Expertise
ï‚· Deep understanding of browser security models and Content Security Policy (CSP)
ï‚· Knowledge of encryption algorithms and secure key management
ï‚· Experience implementing secure data storage and transmission
ï‚· Understanding of authentication and authorization protocols
ï‚· Familiarity with security testing tools and methodologies
Soft Skills
ï‚· Strong problem-solving and analytical abilities
ï‚· Excellent communication skills for cross-functional collaboration
ï‚· Ability to work independently and as part of a team
ï‚· Detail-oriented with strong focus on code quality and security
ï‚· Ability to handle multiple priorities in a fast-paced environment
Preferred Qualifications
ï‚· Bachelor & degree in Computer Science, or Engineering
ï‚· Interest in application of Generative AI / Machine Learning
ï‚· Experience with password manager architecture and design patterns
ï‚· Previous work on enterprise IAM solutions
ï‚· Knowledge of SAML, OpenID Connect, or other SSO protocols
ï‚· Experience with automated testing frameworks (Jest, Mocha, Selenium)
ï‚· Familiarity with CI/CD pipelines and DevOps practices
ï‚· Contributions to open-source security projects
ï‚· Certifications such as CEH, CISSP, or similar security credentials
ï‚· Experience with browser extension security audits and penetration testing
ï‚· Knowledge of Singapore & cybersecurity regulatory landscape (PDPA, CSA guidelines)
Technical Environment
ï‚· Frontend: JavaScript/TypeScript, HTML5, CSS3, Chrome Extension APIs
ï‚· Backend: Java, Tomcat, RESTful APIs
ï‚· Security: FIDO2/WebAuthn, PQC, AES-256, RSA, PKI
ï‚· Tools: Git, JIRA, modern IDE (VS Code, IntelliJ)
ï‚· Standards: OWASP, FIDO Alliance specifications, W3C WebAuthn