
Trail of Bits
Remote Jobs
Deepening the Science of Security
42 Jobs
Technical Marketing Manager, AppSec, Research, AI Security
Trail of BitsDeepening the Science of Security
• Track engineering output, tool releases, research papers, conference talks, milestones — and make sure each gets coverage. • Work through the existing backlog of shipped tools and research that never got written up publicly. • Create case studies, briefs, blog drafts, and marketing assets that work for both technical and business audiences. • Partner with Technical Editing on content pipelines, especially around report publications and blog production, and provide additional writing capacity when the team needs it. • Own the content calendar across practices. Coordinate publishing schedules so coverage is steady and nothing falls through the cracks. • Own social media across X, LinkedIn, and Bluesky. Maintain a consistent publishing cadence, engage with the community, and grow our audience. • Manage Trail of Bits’ presence at industry events and relevant conferences. • Plan and run multi-channel campaigns (social, email, webinars, conference activations) that drive pipeline. • Improve upon existing baselines, track performance, and create a reporting rhythm so the team knows what’s working and where we should continue investing.
• Edit security reports across application security, blockchain, cryptography, AI/ML, and research & engineering engagements. • Develop, edit, and publish posts on the Trail of Bits blog, the primary channel for our research and thought leadership. • Manage publication through GitHub pull requests and coordinate with internal and external reviewers. • Manage the team's report tracker and quality metrics systems, giving leadership visibility into editing throughput, revision cycles, and delivery timelines. • Build and refine Claude-based tools for content creation and editorial refinement. • Lead document design beyond reports: SOWs, proposals, engineer bios, program overviews, QBR materials, case studies, and testimonials. • Shape editorial standards and style guide evolution.
• Security Assessment Ownership - Lead security assessments for specific components within client engagements. • Vulnerability Discovery and Analysis - Find and validate vulnerabilities in application code and systems. • Custom Security Tooling - Design and build security testing tools and automation for vulnerability detection. • Architecture and Threat Modeling - Conduct threat modeling and architecture reviews of software systems. • Client Communication - Translate technical findings into clear, actionable recommendations for engineering teams. • Research and Innovation - Contribute to security research initiatives and stay on the cutting edge.
Role Description Trail of Bits seeks a Security Engineer 1 for our growing Software Assurance practice. You'll contribute to security assessments of client software, partnering with senior engineers, identifying vulnerabilities across the application and system level. You'll own pieces of client engagements, drive your own vulnerability analysis, and develop tools alongside the team. This role bridges vulnerability research and applied security, where you'll find real issues in real code and help clients understand and fix them. Your work will be hands-on and autonomous: analyzing complex code, building custom tooling, conducting threat modeling, and owning your findings through to client delivery. What You’ll Achieve - Security Assessment Ownership: Lead security assessments for specific components, modules, or systems within larger client engagements. Identify vulnerabilities, trace root causes, and own your analysis from discovery through client delivery. - Vulnerability Discovery and Analysis: Find and validate real vulnerabilities in application code and systems. Explain exploitation paths, assess impact, and develop proof-of-concept code when needed. You'll do the work, not just assist. - Custom Security Tooling: Design and build security testing tools and automation for vulnerability detection. Own tool development from concept through deployment on client projects. - Architecture and Threat Modeling: Conduct threat modeling and architecture reviews of software systems. Identify attack surfaces, data flows, and security boundaries. Propose concrete mitigations. - Client Communication: Translate technical findings into clear, actionable recommendations for engineering teams. Own client relationships for your component of the work. - Research and Innovation: Contribute to security research initiatives. Build tools, document findings, and stay on the cutting edge of vulnerability research and application security. Qualifications - Demonstrable vulnerability research capability - Proven ability to find and validate real vulnerabilities. This means: CTF wins, published CVEs, bug bounty finds, or security research that shows you can actually discover exploitable issues. - Strong code analysis skills - You can read complex code, trace execution, identify logic flaws, and explain why something is exploitable. You understand the difference between a tool flagging something and it actually being a vulnerability. - Hands-on coding proficiency - Fluent in at least two of: Rust, Go, C, C++, Python, JavaScript, TypeScript, or similar. You write code for security analysis and tool development, not just consume it. - Memory safety understanding - You understand memory corruption vulnerabilities (buffer overflows, use-after-free, etc.) and modern mitigations (ASLR, DEP, CFI). You can reason about exploit primitives. - Systems knowledge - Deep familiarity with operating systems, IPC, privilege boundaries, and how applications interact with system internals. This isn't theoretical, you've worked with this stuff. - Autonomous problem-solving - You drive your own work. You own pieces of engagements. You ask good questions, debug issues, and reach conclusions without hand-holding. - Clear technical communication - You can explain complex security findings to engineers. Your reports get read because they're clear and actionable. You can defend your analysis. Nice to Have - Active CTF participation - Current or recent CTF team participation, CTF wins, or rankings. Shows you can solve hard security problems under pressure. - Published vulnerability research - CVEs, bug bounties, responsible disclosures, or security writeups. Shows you've found real issues and validated them. - Open source security contributions - Tools, libraries, or research contributions to open source projects. Shows you can ship security work. - Mobile security experience - Android, iOS, or macOS internals. Binary analysis on mobile platforms. - Published technical writing - Blog posts, security research writeups, conference talks, or technical documentation. - Cloud security experience - AWS, GCP, or Azure security assessment and architecture review. - Kernel or low-level development - Experience with kernel code, drivers, or system-level programming. About You You're 0–2 years into your security career, or you're coming from software engineering with a strong security foundation. You have proven ability to find vulnerabilities and understand how systems break. You're autonomous, you own your work, you drive your own analysis, and you don't need someone looking over your shoulder. We're looking for people who've already proven they can do this work: CTF players, people with CVE disclosures, bug bounty hunters, strong engineering grads who've built security tools. You should be capable of owning a piece of a security engagement and driving it to completion. Years of experience don't matter. Demonstrated ability matters. Can you find vulnerabilities? Can you understand complex code and systems? Can you own your work? If yes, let's talk. Salary Information The base salary for this full-time position ranges from $100,000 to $160,000 excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range. The presented salary range encompasses the starting salaries for all U.S. locations. For a precise salary estimate tailored to your preferred location, please discuss it with your recruiter during the hiring process. Benefits - Competitive salary complemented by performance-based bonuses. - Fully company-paid insurance packages, including health, dental, vision, disability, and life. - A solid 401(k) plan with a 5% match of your base salary. - 20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations. - 4 months of parental leave to cherish the arrival of new family members. - $10,000 in relocation assistance to support your transition if interested in moving to NYC. - $1,000 Working-from-Home stipend to create a comfortable and productive home office. - Annual $750 Learning & Development stipend for continuous personal and professional growth. - Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements. - Philanthropic contribution matching up to $2,000 annually.
• Act as a credible proxy for the CEO: attend prep meetings, briefings, and stakeholder conversations. • Manage the CEO's inbound communications with judgment. • Manage the CEO's time and attention as a precious resource. • Build and maintain accountability systems that track commitments across the organization. • Draft reports, communications, and presentations on behalf of the CEO. • Lead annual strategic planning and oversee cross-departmental projects. • Take ownership of difficult conversations about performance and expectations. • Propose systems to streamline the office of the CEO.
Role Description The Chief of Staff drives key strategic initiatives and outcomes across Trail of Bits, serving as the CEO's right-hand person. You will act as a credible proxy for the CEO, manage his day-to-day workflow and communications, lead strategic planning, and take ownership of the follow-through that keeps the organization moving. This role is built for an engineer who wants to move into business leadership. Trail of Bits was built by engineers for engineers, and our culture is rooted in technical excellence, intellectual rigor, and deep respect for the craft of security research and engineering. You already speak this language. What sets you apart from your peers is that you are drawn to the business: - How decisions get made - How an organization scales - How a leader spends their time and attention This is a high-urgency, action-oriented role. You will be the executor in a thoughtful, deliberative organization, the person who turns intent into motion and makes sure things actually happen. You will operate with real authority as an extension of the CEO, reporting directly to him as a member of the leadership team. What You'll Achieve - Act as a credible proxy for the CEO: attend prep meetings, briefings, and stakeholder conversations on his behalf, then brief him with exactly what he needs. - Manage the CEO's inbound communications with judgment, triaging email and Slack. - Manage the CEO's time and attention as a precious resource. - Build and maintain accountability systems that track commitments across the organization. - Draft reports, communications, and presentations on behalf of the CEO. - Lead annual strategic planning, oversee cross-departmental projects, and coordinate key stakeholders. - Take ownership of difficult conversations about performance and expectations. - Propose systems to streamline the office of the CEO and identify key metrics. Qualifications - 8+ years of experience, with a strong engineering or technical foundation. - A clear desire to transition from engineering into business and leadership. - A strong bias toward action over deliberation. - Organized and detail-oriented with strong follow-through. - Strong written and verbal communication skills. - Able to operate as an extension of the CEO with real authority. - Low ego and high ownership. - Fluency with AI tools and automation for operational efficiency. Requirements - Reporting Manager: CEO - The base salary for this full-time position ranges from $175,000 to $250,000, excluding benefits and potential bonuses. - Various factors influence our salary ranges, including role, level of seniority, geographic location, and nature of the employment contract. - For a precise salary estimate tailored to your preferred location, please discuss it with your recruiter during the hiring process. Benefits - Competitive salary complemented by performance-based bonuses. - Fully company-paid insurance packages, including health, dental, vision, disability, and life. - A solid 401(k) plan with a 5% match of your base salary. - 20 days of paid vacation with flexibility for more. - 4 months of parental leave. - $10,000 in relocation assistance for moving to NYC. - $1,000 Working-from-Home stipend. - Annual $750 Learning & Development stipend. - Company-sponsored all-team celebrations. - Philanthropic contribution matching up to $2,000 annually.
• Conduct comprehensive application security assessments of agentic AI pipelines, tools, and frameworks for leading companies and labs. Examine vulnerabilities in model architectures, guardrails, and deployment infrastructure while developing mitigation strategies. • Develop and share novel prompt injection techniques targeting agentic workflows, including indirect injection via tool outputs, multi-turn manipulation, and cross-agent exploitation. Produce actionable attack libraries and defensive countermeasures for client engagements. • Conduct security assessments of client code bases using a combination of static analysis, dynamic testing, and manual code review, identifying vulnerabilities and developing mitigation strategies, with a focus on findings at the intersection of application security and Agentic AI security. • Conduct threat modeling and risk assessments to proactively identify potential risks for clients and develop mitigation strategies for future prevention, with particular attention to prompt injection attack surfaces in agentic orchestration layers. • Work with leading industry teams to review system code and architecture, and help assure their products through system analysis and modeling. • Develop and contribute to AI regulatory frameworks, establishing assurance methods and auditing processes for mission-critical AI applications while ensuring alignment with emerging industry standards and safety requirements.
• Act as a credible proxy for the CEO: attend prep meetings, briefings, and stakeholder conversations on his behalf. • Manage the CEO's inbound communications with judgment, triaging email and Slack. • Manage the CEO's time and attention as a precious resource. • Build and maintain accountability systems that track commitments across the organization. • Draft reports, communications, and presentations on behalf of the CEO. • Lead annual strategic planning and oversee cross-departmental projects. • Take ownership of difficult conversations about performance and expectations. • Propose systems to streamline the office of the CEO and identify critical metrics for business performance.
• End-to-end project delivery. Run multiple concurrent client engagements through the project lifecycle. Manage scope, timeline, and budget so engineers stay focused on the technical work and clients stay informed. • Client relationship ownership. Serve as the primary point of contact across your portfolio. Handle status updates, working sessions, escalations, and the small check-ins between projects that keep accounts warm. • Account growth. Spot opportunities for clients to do more with Trail of Bits. Move clients from one-off reviews into retainers, follow up on options in existing SOWs, and bring sales in when a real expansion is on the table. • Sales partnership. Run the returning-client sales cycle alongside our sales team. When a client you've worked with comes back, the handoff stays invisible to them. • Internal coordination. Work closely with Engineering Directors and engineers to staff projects, manage scheduling in Float, track work in Asana, and keep deal and account context current in HubSpot. • Cross-functional support. Show up for the team beyond your direct projects. That includes helping marketing drive client attendance at industry events, contributing to internal process improvements, and jumping in where the team needs you.
Role Description Trail of Bits is hiring a Project Manager to own client engagements end-to-end. You'll be the primary point of contact for customers during their projects, the partner to our sales team when those clients want to do more with us, and the connective tissue between our engineering teams and the people who hired them. - Work on timelines, scope, and status reports. - Build relationships with clients during a project for easier future engagements. - Collaborate closely with sales, Engineering Directors, and a small team of fellow PMs. - Adapt as the work changes in the evolving cybersecurity industry. What You’ll Achieve - End-to-end project delivery: Run multiple concurrent client engagements through the project lifecycle. - Client relationship ownership: Serve as the primary point of contact across your portfolio. - Account growth: Spot opportunities for clients to do more with Trail of Bits. - Sales partnership: Run the returning-client sales cycle alongside our sales team. - Internal coordination: Work closely with Engineering Directors and engineers to manage projects. - Cross-functional support: Assist the team beyond direct projects. Qualifications - Project management in professional services: Direct experience managing client-facing engagements. - Client lifecycle ownership: Experience owning client relationships through and between engagements. - Account growth contribution: Experience growing client accounts through expanded scopes or retainers. - Sales partnership: Experience working alongside a sales team to scope and propose work. - Operating without a playbook: Initiative in evolving or undefined processes. - Technical communication: Ability to translate technical work for non-technical stakeholders. - Executive stakeholder communication: Experience presenting project status to executive stakeholders. - AI in your daily workflow: Experience using AI tools as part of your work. - Tooling fluency: Hands-on experience with Slack, Google Workspace, and project tracking tools. Nice to Have - Background in cybersecurity, particularly advisory services or incident response. - Experience with retainer-based or recurring services revenue models. - Familiarity with Asana, Float, and HubSpot specifically. - Exposure to the blockchain, cryptography, AI/ML security space. What Does Not Work Here - A pure project management mindset where the role ends when the engagement closes. - Needing permission or a defined process before you can act. - Resistance to AI tooling, or a "wait and see" stance on it. - Product implementation experience without client services exposure. - Strong attachment to one prescribed methodology over the judgment to pick the right approach. Salary Information The base salary for this full-time position ranges from $135,000 to $165,000, excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. Benefits - Competitive salary complemented by performance-based bonuses. - Fully company-paid insurance packages, including health, dental, vision, disability, and life. - A solid 401(k) plan with a 5% match of your base salary. - 20 days of paid vacation with flexibility for more. - 4 months of parental leave. - $10,000 in relocation assistance for moving to NYC. - $1,000 Working-from-Home stipend. - Annual $750 Learning & Development stipend. - Company-sponsored all-team celebrations. - Philanthropic contribution matching up to $2,000 annually.
32more opportunities are still waiting for you.Log in now and take your next shot before someone else does.