Hiring: Frontend Architect for Drop-In Web Payments SDK - Production Grade

Budget: $60.0 FIXED / ⭐ 5.00 (1) USA

javascript

We are building a cross-site payment SDK and a companion browser extension requiring a focus on security, cross-origin communication, and seamless user experience.

This is an example of our architectural overview:

Architecture Overview

    ┌─────────────────┐     ┌──────────────────┐     ┌─────────────────┐
    │    Your SDK     │────▶│  Stealth Modal   │────▶│    Your API     │
    │  (embedded.js)  │     │  (hosted popup)  │     │ (auth/invoice)  │
    └─────────────────┘     └──────────────────┘     └─────────────────┘
             │                       │
             │              ┌────────┴────────┐
             │              │ Browser Plugin  │
             │              │  (auto-login)   │
             │              └─────────────────┘
             │
        ┌────┴────┐
        │ Website │
        │ (host)  │
        └─────────┘

This is a link to our specific work description: https://github.com/Next-Layer-Technology/stealth-payment-sdk/issues/1

There will be a team of 2 or 3 devs:
- 1 FE dev
- 1 BE dev
- 1 Security QA Audit dev

As the "FrontEnd Architect", you will be responsible for:
- SDK development
- Browser extension
- Auth popup UI
- Documentation

Skills needed: TypeScript expert, extension APIs, React, CSS architecture

If you are selected to interview for the position, I will provide an AI-provided document with all parts of this project already coded:
- SDK
- Browser Extension
- Auth UI
- etc.

You will need to adapt this code to our setup. The code is about 90% there already.
The following is our security checklist and the frameworks required for this project:

Security Checklist

API Key Security
- Rotate keys every 90 days
- Implement key scoping (read-only, read-write)
- IP whitelist for sensitive operations

Authentication
- Use PKCE for OAuth flows
- Implement CSRF protection
- Rate limit login attempts

Extension Security
- Code signing for extension updates
- Content Security Policy headers
- Secure storage for tokens (chrome.storage.secure)

Communication
- Validate origin in postMessage handlers
- Use CSP to prevent XSS
- HTTPS only for all endpoints

Data Protection
- Encrypt sensitive data at rest
- Token expiration and refresh strategy
- Audit logging for all invoice operations

Summary

Best Frameworks:
- SDK: Vanilla JS (no dependencies) or TypeScript with Rollup for bundling
- Extension: Manifest V3 with Webpack/Vite for cross-browser compatibility
- Backend: Node.js/Express or Go for performance
- Auth Popup: Next.js or plain React
- Database: PostgreSQL + Redis for sessions
- Infrastructure: Docker + Nginx + Let's Encrypt SSL