Job Description

We’re a team of hungry, high-character professionals from all backgrounds who came together to reinvent work for the modern enterprise.And we’re always looking for world-class human beings (not resumes) to join the movement.

Island, the Enterprise Browser is the ideal enterprise workplace where work flows freely while remaining fundamentally secure. With the core needs of the enterprise naturally embedded in the browser itself, Island gives organizations complete control, visibility, and governance over the last mile, while delivering the same smooth Chromium-based browser experience users expect.

As a Product Security Researcher at Island, you will dive deep into the security landscape of modern browsers, operating systems, and enterprise applications to discover novel vulnerabilities, evaluate real-world threat scenarios, and help shape our security posture through innovation and hands-on research. You will be instrumental in driving advanced security initiatives that help maintain Island’s position at the cutting edge of secure enterprise computing.

Key Responsibilities:

• Vulnerability Research: Identify and analyze vulnerabilities in browser components, system integrations, and third-party libraries relevant to the Island Enterprise Browser.
• Security Testing & Tooling: Develop custom tooling and automation for security testing, fuzzing, and vulnerability detection tailored to our product stack.
• Threat Modeling: Collaborate with developers, architects, and the Product Security Lead to assess threat scenarios and attack surfaces for new features and integrations.
• Exploit Prototyping: Build proof-of-concepts to validate the impact and exploitability of discovered security issues.
• Collaboration & Knowledge Sharing: Support development teams in secure coding practices, and contribute to internal knowledge bases and playbooks.
• Security Research Enablement: Stay ahead of the curve by tracking current exploits, security trends, and techniques; attend or present at security conferences and engage with the broader security community.

Requirements

• Strong understanding of browser internals, OS security mechanisms, or application-layer security.
• Proficiency in one or more programming/scripting languages (e.g., Python, JavaScript, C/C++, Go).
• Experience in vulnerability research, bug hunting, reverse engineering, or exploit development.
• Familiarity with common vulnerability classes (e.g. RCE, memory corruption, sandbox escapes).
• Curiosity-driven mindset with a passion for breaking things and understanding how they work.
• Experience with fuzzing tools, debuggers, or reverse engineering frameworks is a strong plus.