Security Engineer, Research & Engineering

About The Position

Requirements

• Strong software development skills with experience in: Rust, C++, and/or Python. Occasionally, Go or Java knowledge is necessary.
• Knowledge of AI/ML systems and associated security challenges.
• Familiarity with AI development tools like Claude Code, Cursor, and others.
• Experience with secure development practices and building secure software.
• Demonstrated ability to quickly learn new programming languages, frameworks, and technologies.
• Understanding of computer security principles and common vulnerability classes.
• A drive to develop subject-matter expertise in an area of Trail of Bits' core competency.
• Ability to work independently and as part of a remote team.
• Strong written and verbal communication skills, with a willingness to write blog posts and present at internal knowledge-sharing sessions.
• Familiarity with GitHub, CI/CD pipelines, and automated testing.

Nice To Haves

• Prior contributions to open-source security tools or frameworks.
• Experience developing commercial-grade software used by the public.
• Understanding of low-level systems, including memory management and operating system internals.
• Experience with compiler technology, program analysis, or binary analysis.
• Participation in CTF competitions or other security challenges.
• Experience with multiple programming languages and paradigms.
• Experience in reading, writing, and publishing academic papers.
• Experience in public speaking.

Responsibilities

• Security Tool Development: Design and implement security-focused software tools and frameworks, contributing to projects that help achieve their technical milestones.
• Open Source Contribution: Contribute to open-source security projects and develop internal tools that advance Trail of Bits' core competencies.
• Security Solution Architecture: Analyze complex security challenges and develop practical, deployable solutions. As you grow, take ownership of deconstructing high-level objectives into smaller, more manageable tasks.
• Full-Stack Security Understanding: Understand security implications across the stack, from low-level systems to application frameworks.
• Secure Implementation: Implement secure CI/CD pipelines and integration with GitHub Actions.
• AI/ML Security Research: Contribute to AI/ML security research and tooling.
• Security Code Review: Evaluate and improve the security of existing software through code review and enhancement.
• Technical Communication: Communicate technical concepts effectively to team members, clients, and the broader security community. Write blog posts, participate in Lunch 'n' Learns and publications, and grow toward delivering client-side presentations.
• Technical Troubleshooting: Root-cause analysis and debugging on low-level technical issues.
• Project Execution: Interpret requirements, decompose tasks, and make engineering estimates. Work toward leading major feature development and moving projects toward their milestones.

Benefits

• Competitive salary complemented by performance-based bonuses.
• Fully company-paid insurance packages, including health, dental, vision, disability, and life.
• A solid 401(k) plan with a 5% match of your base salary.
• 20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations.
• 4 months of parental leave to cherish the arrival of new family members.
• Our team is global and remote-first. However, if you are interested in moving to NYC, we offer $10,000 in relocation assistance to support your transition.
• $1,000 Working-from-Home stipend to create a comfortable and productive home office.
• Annual $750 Learning & Development stipend for continuous personal and professional growth.
• Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements.
• Philanthropic contribution matching up to $2,000 annually.