Principal Security Engineer, Research & Engineering

Trail of Bits

18h•Remote

About The Position

Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology's newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and public understanding of the technology that underlies our world. Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our clients' capabilities are at the forefront of what's available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers. Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they'll understand why a company like ours is so unique and valuable. Role The Principal Security Engineer serves as a cultural, business, and technical leader within Trail of Bits' Research & Engineering practice. Principal Engineers set technical vision, drive new business growth, lead projects, manage people, and champion the company's publications and marketing efforts. You'll leverage your experience and professional network to turn your ideas into meaningful research and engineering efforts that impact our digital world. You will mentor and inspire other engineers who share your vision, helping them build their networks and skillsets. You will be an ambassador to the company using our blog and speaking at conferences as your primary medium. Principal Engineers identify team organization and operational problems, spot knowledge gaps across the team, and take steps to help the team fill them. You'll work closely with Staff Engineers on technical roadmaps, collaborate with Directors on resourcing, and support the proposal process through SoW writing and scoping. Software development will primarily involve Rust, C++, and Python, with occasional work in Go and Java. You will lead and participate in teams of 2–4 people across remote locations. Frequent communication with team members, clients, and industry partners is essential to success.

Requirements

Extensive software development and security engineering experience, with deep expertise in Rust, C++, and/or Python.
A well-established professional network in the security industry, government, or adjacent technical communities.
Demonstrated track record of leading security projects end-to-end, from scoping and proposal through delivery.
Experience engaging with clients and participating in the sales or business development process.
Proven ability to mentor and develop senior-level engineers, helping them grow their careers and professional networks.
Experience setting technical vision and strategy for a team or practice area.
Strong knowledge of AI/ML systems and associated security challenges.
Public speaking experience at conferences, panels, or industry events.
Published work demonstrating thought leadership in security through blog posts, whitepapers, academic papers, or open-source tools.
Excellent written and verbal communication skills, with the ability to communicate effectively with technical teams, clients, and executive leadership.
Experience writing SoWs, scoping proposals, and supporting the business development lifecycle.
Ability to identify organizational and operational problems and drive solutions.

Nice To Haves

Experience building and maintaining a revenue-generating practice area or service line.
Track record of securing external funding (government contracts, grants, or sponsored research).
Deep understanding of low-level systems, including memory management, operating system internals, compiler technology, or binary analysis.
Experience designing IRAD portfolios or technical roadmaps for a research organization.
Contributions to major open-source security tools or frameworks.
Experience managing direct reports (1–4) and providing career development guidance.
Familiarity with the US Government contracting and proposal process.

Responsibilities

Technical & Strategic Leadership: Set the technical vision for your area of expertise. Design and guide the execution of complex security research and engineering efforts that advance Trail of Bits' capabilities.
Business Development: Engage with potential clients and drive the sales process independently. Leverage your professional network to find external funding for new research and engineering initiatives. Support the proposal process through SoW writing and scoping.
People Leadership & Mentorship: Mentor 3–4 Senior Engineers, helping them build their professional networks and skillsets. Introduce mentees to your network and find opportunities for their growth.
Project Leadership: Lead projects end-to-end within and beyond your core expertise. Deconstruct high-level objectives into actionable milestones, allocate work across team members, and ensure delivery.
Publications & Industry Presence: Lead the company's publications and marketing efforts in your domain. Represent Trail of Bits at speaking events, panel discussions, and conferences. Author blog posts, whitepapers, and academic publications.
Organizational Improvement: Identify team organization and operational problems. Spot knowledge gaps across the team and take concrete steps to help the team fill them.
Security Tool Development: Architect and oversee the development of security-focused software tools and frameworks. Contribute hands-on when needed, particularly on novel or high-stakes problems.
Cross-Practice Collaboration: Work closely with other practices to understand their challenges and needs. Turn these into collaborative efforts to build useful tooling and advance shared goals.
AI/ML Security: Guide the team's approach to AI/ML security research and tooling. Identify emerging risks and opportunities in the AI/ML security landscape.

Benefits

Competitive salary complemented by performance-based bonuses.
Fully company-paid insurance packages, including health, dental, vision, disability, and life.
A solid 401(k) plan with a 5% match of your base salary.
20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations.
4 months of parental leave to cherish the arrival of new family members.
Our team is global and remote-first. However, if you are interested in moving to NYC, we offer $10,000 in relocation assistance to support your transition.
$1,000 Working-from-Home stipend to create a comfortable and productive home office.
Annual $750 Learning & Development stipend for continuous personal and professional growth.
Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements.
Philanthropic contribution matching up to $2,000 annually.