About the Role
Title: Senior Security Engineer, Research & Engineering
Location: United States
Department: Research & Engineering
Job Description: Description
Description
Who We Are
Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks. It has helped secure some of the world’s most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and the public understanding of the technology underlying our world.
Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our client’s capabilities are at the forefront of what’s available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers.
Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they’ll understand why a company like ours is so unique and valuable.
Role
Trail of Bits seeks a Software Security Engineer within our Research & Engineering team to work at the intersection of security research and practical software development. You will design, build, and enhance security tools and frameworks across various contexts, working on projects ranging from compiler-based security tools to AI/ML security frameworks.
On any given day, you might implement security-focused software tools, contribute to open-source projects, analyze complex security challenges, or develop practical solutions for clients. Working in small teams of 2-4 people, you’ll collaborate with researchers, security experts, and clients while building impactful tools.
You will have opportunities to pursue your interests while delivering practical security solutions, with software development primarily involving Rust, C++, and Python, with occasional work in Go and Java. Success is measured through impact, focusing on building tools others can use and build upon, rather than paper metrics.
What You’ll Achieve
Tool Development: Design and implement security-focused software tools and frameworks, contributing to open-source security projects and developing internal tools for practical security solutions.
Security Analysis: Analyze complex security challenges across the stack, from low-level systems to application frameworks, evaluating and improving existing software through code review and enhancement.
Implementation: Develop secure CI/CD pipelines with GitHub Actions integration, contributing to AI/ML security research and tooling with a focus on practical, deployable solutions.
Client Collaboration: Work directly with industry-leading teams to understand complex security challenges and implement effective solutions through deep technical analysis and recommendations.
Technical Communication: Effectively communicate technical concepts to team members, clients, and the broader security community, with opportunities to write about your work publicly.
What You’ll Bring
Development Expertise: Strong software development skills with experience in Rust, C++, and/or Python, with occasional need for Go or Java knowledge and demonstrated ability to quickly learn new programming languages, frameworks, and technologies. Experience with multiple programming languages and paradigms is highly valued.
Security Knowledge: Understanding of computer security principles, common vulnerability classes, and experience with secure development practices and building secure software. Prior contributions to open-source security tools or frameworks and participation in CTF competitions or security challenges would be beneficial.
Technical Capabilities: Root-cause analysis and debugging skills for low-level technical issues, ability to interpret requirements, decompose tasks, and make engineering estimates. Understanding of low-level systems (including memory management and OS internals), compiler technology, program analysis, or binary analysis is advantageous.
Advanced Domain Knowledge: Experience with AI/ML systems and associated security challenges is valuable, as is experience developing commercial-grade software used by the public. Experience reading, writing, and implementing academic papers demonstrates the depth of knowledge we value.
Collaboration Skills: Ability to work independently and as part of a remote team with strong written and verbal communication skills for frequent team member and client interactions. Experience in public speaking is a plus.
CI/CD Experience: Familiarity with CI/CD pipelines and automated testing methodologies for secure software development.