Senior Software Engineer – Chrome Extensions (Manifest V3)
Location: Pune, India (Hybrid – 2 days onsite)
Experience: 8–15 years
Employment type: Full-time
About the Role
We are hiring on behalf of a global leader in K-12 student-safety technology, whose platform protects millions of students across thousands of schools worldwide. You will own the architecture and implementation of the client's onboard filtering engine — building a local policy cache and real-time filtering decision engine inside a Chrome extension that moves filtering decisions on-device, improving speed, reliability, and bypass resistance at massive scale.
This is a Staff-level (L5) position. You will be the technical owner of the initiative — driving direction from architecture to production, resolving ambiguity without waiting for a fully-formed spec, and mentoring mid-level engineers. You are expected to track platform shifts (such as Google's Filter & Monitor / ChromeOS Content Filtering API direction) and surface architectural recommendations, not just implement a handed-down plan.
What You'll Do
Own the architecture of the onboard filtering engine — local policy cache, delta sync protocol, filtering decision engine, and bypass-prevention layer — not just their implementation. Architect and implement the local policy cache with delta sync, TTL management, cache invalidation, and graceful cloud fallback. Build the filtering decision engine in the MV3 service worker (domain matching, URL categorization, iframe detection, allow/block decisions). Implement and harden bypass prevention across same-origin policy, CSP, CORS, iframe sandboxing, and content-script/page-context boundaries, treating adversarial users as a primary design constraint. Manage chrome.storage.local within platform limits, evaluate IndexedDB for larger policy stores, and document tradeoffs in architecture decision records. Optimize extension performance to add negligible latency on low-end Chromebook hardware, and mentor L3/L4 engineers through code reviews, pairing, and threat-model design.
Must-Have Requirements
Expert-level TypeScript and JavaScript — async/await, Promises, event-driven architecture, and memory management in long-running service workers (5+ years at this level).
Deep production experience with Chrome Extensions (Manifest V3): service workers, content scripts, chrome.storage, and declarativeNetRequest / webRequest APIs. Thorough understanding of the browser security model — same-origin policy, CSP, CORS, iframe sandboxing, and the content-script/page-context boundary.
Proven security-first architecture skills: the ability to enumerate attack surfaces before writing code and define the threat model. Local caching / offline-first design experience — delta sync, TTL, cache invalidation, chrome.storage.local limits, and IndexedDB.
Strong technical writing — ADRs, threat models, and platform evaluation memos.
Strongly Preferred
Chrome DevTools performance profiling and the ability to define and enforce performance budgets on low-end hardware. Web filtering / content classification experience — URL categorization, domain matching, iframe content detection. Awareness of Google's Filter & Monitor platform and ChromeOS Content Filtering API direction.
Nice to Have
ChromeOS / Google Admin Console and enterprise extension management, extension test automation (Puppeteer, Playwright, or Selenium), Kotlin for mobile filtering work, and K-12 EdTech domain familiarity.
Compensation & Benefits
Competitive compensation, shared with shortlisted candidates. Benefits include comprehensive health insurance (employee, parents, spouse, children), accidental & term life insurance, learning & development reimbursement, paid time off and public holidays, retirement benefits (EPF & gratuity), and parental leave.