Who We Are
Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks. We have helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and the public understanding of the technology underlying our world.
Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our client’s capabilities are at the forefront of what’s available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers.
Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they’ll understand why a company like ours is so unique and valuable.
Role
Trail of Bits seeks a Staff Security Engineer, Application Security within our growing Software Assurance team. You will lead comprehensive security assessments with a primary focus on cloud-native architectures and infrastructure security while also contributing to broader application security initiatives and client audits. You'll evaluate complex distributed systems - from Kubernetes clusters and container orchestration to microservices architectures and cloud platform configurations.
On any given day, you might assess IAM policies and network segmentation, review infrastructure-as-code implementations, analyze API security boundaries, or develop automated security testing tools for cloud environments and cloud-native applications.
Working alongside other application security engineers, you'll contribute to client projects while building impactful tools. You will have opportunities to collaborate with our Research & Engineering team to help secure funding from government agencies for software security research that advances the state of the art, both within our team and the industry at large.
What You’ll Achieve
- Security Assessment: Lead comprehensive security reviews of cloud-native applications and architectures, including evaluation of cloud platform configurations across AWS, GCP, and/or Azure—as well as reviewing Infrastructure-as-Code implementations, container and Kubernetes configurations, and analysis of cloud IAM policies and network segmentation.
- Security Tool Development: Design and implement custom security tools for automated vulnerability detection, focusing on cross-platform and general application security testing needs, including support for Kubernetes and cloud environments.
- Architecture Review: Perform detailed architecture reviews and threat modeling of complex systems and applications, identifying potential security weaknesses and providing remediation guidance across different platforms and architectures.
- Client Engagement: Work directly with industry-leading teams to review their code and architecture, helping secure their products through deep technical analysis and recommendations, with knowledge of platform-specific security considerations.
- Research & Innovation: Contribute to the advancement of application security, developing new methodologies and tools while staying up to date with the latest security developments across the industry, including emerging platform security features and attack surfaces. Trail of Bits prides itself on the work our team accomplishes between client engagements through individual research and development (IRAD).
What You’ll Bring
- Application Security Expertise: Extensive experience in application security, with demonstrated ability to identify and mitigate cloud infrastructure vulnerabilities across complex applications. Strong understanding of cloud / SaaS security architecture and modern security features.
- Assessment Experience: Track record of leading and conducting technical security assessments across diverse platforms, with 8+ years of hands-on application security experience and expertise in implementing effective enterprise security measures.
- Technical Capabilities: Strong programming and code auditing skills, experience with fuzzing and/or static analysis tools, and cloud-native technologies. Deep expertise in developing custom security testing solutions.
- Programming Proficiency: Strong knowledge of Go, Python, Rust, and/or JavaScript, with demonstrated proficiency in implementing security-critical applications and tooling. Experience with systems programming and API development.
- Communication Skills: Ability to effectively communicate complex security concepts to diverse stakeholders, deliver clear, actionable recommendations, and mentor junior engineers through technical initiatives.
The base salary for this full-time position ranges from $180,000 to $230,000, excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range. The presented salary range encompasses the starting salaries for all U.S. locations. For a precise salary estimate tailored to your preferred location, please discuss it with your recruiter during the hiring process.
Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program. Learn more.
Benefits, Perks & Wellness
Trail of Bits is our people, not a place. With over 100+ employees working from every time zone across the globe, our remote-first culture is built on autonomy and trust (and backed by smile-worthy benefits) for full-time employees:
Empowered Living:
- Competitive salary complemented by performance-based bonuses.
- Fully company-paid insurance packages, including health, dental, vision, disability, and life.
- A solid 401(k) plan with a 5% match of your base salary.
- 20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations.
Nurturing New Beginnings:
- 4 months of parental leave to cherish the arrival of new family members.
- Our team is global and remote-first. However, if you are interested in moving to NYC, we offer $5,000 in relocation assistance to support your transition.
Work & Life Enrichment:
- $1,000 Working-from-Home stipend to create a comfortable and productive home office.
- Annual $750 Learning & Development stipend for continuous personal and professional growth.
- Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements.
Community Impact:
- Philanthropic contribution matching up to $2,000 annually.
Dedication to Diversity, Equity, Inclusion & Belonging (DEIB)
Trail of Bits is a community of innovators, risk-takers, and trailblazers who celebrate individual differences and recognize that unique perspectives make us stronger, smarter, and more successful. We actively seeks applicants who can bring a variety of experiences, perspectives, and backgrounds to the team. We provide equal employment opportunities to all employees and applicants for employment without regard to race, color, ancestry, national origin, gender, sex, pregnancy, pregnancy-related condition, sexual orientation, marital status, religion, age, disability, qualified handicap, gender identity, results of genetic testing, military status, veteran status, or any other characteristic protected by applicable law. Our team values diversity in experience and backgrounds—we do our best work when we create space for different voices and perspectives. Whatever unique experiences or skill sets you bring, we look forward to learning from each other.
