Javascript Engineer (IV-V)

Please note: Due to high application volume, we’re unable to respond to messages or accept resumes sent through email or other platforms. Please apply through this page only!

Confiant is cybersecurity built for advertising. We secure the ad economy from the inside out, providing real-time intelligence and precise controls that detect and block malvertising, scams, disruptive creatives, and compliance risks before they reach users. By disrupting the business models of bad actors, Confiant empowers digital media to enforce standards, ensure quality, and uphold trust across the ad economy. We protect what matters most — revenue, reputation, and relationships — securing the foundation that allows good advertising to thrive.

We are a small but growing engineering team focused on high standards, collaboration, continuous improvement, and end-to-end ownership. Our rapidly evolving tech stack powers large-scale ETL systems, APIs, embedded systems, and SDKs that process tens of millions of transactions daily for leading AdTech companies. The Engineering team partners closely with security researchers to turn threat intelligence into SDK-level detections and partner with Core engineering team to ensure seamless backend integration. Engineers own the full lifecycle of problem-solving—from design and implementation to customer impact and operational support.

We are a 100% virtual company, and all our team members work from home worldwide. We support optional monthly gatherings in New York City (our original home) and quarterly on-sites in various locations across the world in order to maintain the human connection and trust required to be a high-performing organization.

We are seeking an experienced JavaScript Engineer to be part of the team that owns and evolves the core client-side SDK that sits at the heart of Confiant's malvertising detection and blocking technology. This is a deeply technical, specialized role focused on building and maintaining a high-performance JavaScript SDK that is embedded across a wide network of publisher and ad platform integrations.

You will be engineering the invisible — precise, performant, and resilient JavaScript that executes in real-time within ad environments to detect and neutralize threats before they reach end users.

The ideal candidate has a genuine passion for the craft of JavaScript at a systems level: understanding the browser runtime deeply, obsessing over payload size and execution cost, and building SDK distribution and versioning strategies that scale cleanly across a large, diverse customer base.

• →

  Co-own the design, development, and ongoing maintenance of Confiant's client-side JavaScript SDK with your teammates

• →

  Build and optimize SDK internals for maximum runtime performance — minimizing execution time, memory footprint, and impact on page load across diverse publisher environments

• →

  Develop robust SDK versioning, deployment, and distribution strategies that allow seamless rollouts and updates across a large, heterogeneous customer base

• →

  Translate security threat intelligence (e.g., new malvertising techniques, ad injection patterns) into SDK-level detection and blocking logic

• →

  Instrument the SDK for observability — ensuring signals, errors, and detection events are surfaced reliably back to Confiant's backend systems

• →

  Collaborate with the security research team to stay ahead of evolving malvertiser methods and rapidly prototype new detection heuristics

• →

  Conduct rigorous performance profiling, benchmarking, and regression testing to ensure SDK changes never degrade customer experience

• →

  Establish and champion SDK engineering best practices including testing strategies, documentation standards, and release processes

• →

  Debug complex, time-sensitive production issues occurring within live ad environments across a wide range of browsers and platforms

• Expert-level JavaScript (ES6+) with deep knowledge of browser internals — the event loop, memory model, garbage collection, and execution context

• Strong understanding of how JavaScript executes within third-party and sandboxed environments (iframes, ad slots, cross-origin contexts)

• Proven experience building, shipping, and maintaining JavaScript SDKs or embeddable scripts at production scale

• Demonstrated ability to optimize for performance: bundle size, parse time, runtime efficiency, and network impact

• Experience with SDK distribution patterns — versioning strategies, CDN delivery, backward compatibility, and graceful degradation

• Proficiency with modern JavaScript tooling: bundlers (Webpack, Rollup, esbuild), transpilers (Babel/SWC), and testing frameworks (Jest, Playwright, or similar)

• Deep familiarity with browser security models, including same-origin policy, CSP, and cross-origin isolation

• Experience in AdTech, including familiarity with ad serving infrastructure, tag management, or programmatic advertising concepts

• Background in security engineering, threat detection, or malware analysis

• Experience instrumenting client-side SDKs for telemetry and observability

• Familiarity with browser automation tools (e.g., Puppeteer, Playwright) for testing ad environments