Trail of Bits

Remote Jobs

Deepening the Science of Security

35 open roles | Team 51,200 | Since 2012 | H1B No Sponsor | Latest: May 6, 2026, 4:02 PM UTC

35 Jobs

Project Manager, Client Services

Project Manager | 21 days ago
Full Time | Remote | Senior | Team 51-200 | Since 2012 | H1B No Sponsor

• End-to-end project delivery. Run multiple concurrent client engagements through the project lifecycle. Manage scope, timeline, and budget so engineers stay focused on the technical work and clients stay informed.
• Client relationship ownership. Serve as the primary point of contact across your portfolio. Handle status updates, working sessions, escalations, and the small check-ins between projects that keep accounts warm.
• Account growth. Spot opportunities for clients to do more with Trail of Bits. Move clients from one-off reviews into retainers, follow up on options in existing SOWs, and bring sales in when a real expansion is on the table.
• Sales partnership. Run the returning-client sales cycle alongside our sales team. When a client you've worked with comes back, the handoff stays invisible to them.
• Internal coordination. Work closely with Engineering Directors and engineers to staff projects, manage scheduling in Float, track work in Asana, and keep deal and account context current in HubSpot.
• Cross-functional support. Show up for the team beyond your direct projects. That includes helping marketing drive client attendance at industry events, contributing to internal process improvements, and jumping in where the team needs you.

United States
$135K - $165K / year

Project Manager, Client Services

Project Manager | 21 days ago
Full Time | Remote | Lead | Team 51-200 | Since 2012 | H1B No Sponsor

Role Description

Trail of Bits is hiring a Project Manager to own client engagements end-to-end. You'll be the primary point of contact for customers during their projects, the partner to our sales team when those clients want to do more with us, and the connective tissue between our engineering teams and the people who hired them.

- Work on timelines, scope, and status reports.
- Build relationships with clients during a project for easier future engagements.
- Collaborate closely with sales, Engineering Directors, and a small team of fellow PMs.
- Adapt as the work changes in the evolving cybersecurity industry.

What You’ll Achieve

- End-to-end project delivery: Run multiple concurrent client engagements through the project lifecycle.
- Client relationship ownership: Serve as the primary point of contact across your portfolio.
- Account growth: Spot opportunities for clients to do more with Trail of Bits.
- Sales partnership: Run the returning-client sales cycle alongside our sales team.
- Internal coordination: Work closely with Engineering Directors and engineers to manage projects.
- Cross-functional support: Assist the team beyond direct projects.

Qualifications

- Project management in professional services: Direct experience managing client-facing engagements.
- Client lifecycle ownership: Experience owning client relationships through and between engagements.
- Account growth contribution: Experience growing client accounts through expanded scopes or retainers.
- Sales partnership: Experience working alongside a sales team to scope and propose work.
- Operating without a playbook: Initiative in evolving or undefined processes.
- Technical communication: Ability to translate technical work for non-technical stakeholders.
- Executive stakeholder communication: Experience presenting project status to executive stakeholders.
- AI in your daily workflow: Experience using AI tools as part of your work.
- Tooling fluency: Hands-on experience with Slack, Google Workspace, and project tracking tools.

Nice to Have

- Background in cybersecurity, particularly advisory services or incident response.
- Experience with retainer-based or recurring services revenue models.
- Familiarity with Asana, Float, and HubSpot specifically.
- Exposure to the blockchain, cryptography, AI/ML security space.

What Does Not Work Here

- A pure project management mindset where the role ends when the engagement closes.
- Needing permission or a defined process before you can act.
- Resistance to AI tooling, or a "wait and see" stance on it.
- Product implementation experience without client services exposure.
- Strong attachment to one prescribed methodology over the judgment to pick the right approach.

Salary Information

The base salary for this full-time position ranges from $135,000 to $165,000, excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract.

Benefits

- Competitive salary complemented by performance-based bonuses.
- Fully company-paid insurance packages, including health, dental, vision, disability, and life.
- A solid 401(k) plan with a 5% match of your base salary.
- 20 days of paid vacation with flexibility for more.
- 4 months of parental leave.
- $10,000 in relocation assistance for moving to NYC.
- $1,000 Working-from-Home stipend.
- Annual $750 Learning & Development stipend.
- Company-sponsored all-team celebrations.
- Philanthropic contribution matching up to $2,000 annually.

Worldwide
$135K - $165K / year
Full Time | Remote | Senior | Team 51-200 | Since 2012 | H1B No Sponsor

Title: Security Engineer, Application Security
Location: United States
Department: Assurance
Remote | Full time

Who We Are

Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and the public understanding of the technology underlying our world. Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our clients’ capabilities are at the forefront of what’s available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers. Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they’ll understand why a company like ours is so unique and valuable.

Role

Trail of Bits seeks a Security Engineer, Application Security within our growing Software Assurance practice. You will conduct comprehensive security assessments of client software with a focus on low-level code analysis, examining system architecture, security boundaries, access controls, and platform security mechanisms. On any given day, you might analyze vulnerabilities in application code, automate the detection of security misconfigurations in cloud environments, assess privilege escalation capabilities, or review security boundaries in complex systems. Working alongside other security engineers, you'll contribute to client projects while building impactful tools. In short, your work will land at the intersection of Vulnerability Research and Application Security.

In addition to working with leading technology companies in the private sector, you will have opportunities to collaborate with our Research & Engineering team to help secure funding from government agencies for advanced security research that bridges vulnerability research and application security, advancing the state of the art both within our team and industry at large.

Please note that only applications completed via our Careers page will be considered for further review.

What You’ll Achieve

- Security Assessment: Conduct comprehensive low-level code security assessments across applications, examining vulnerabilities in system services, access control implementation, inter-process communication, and platform security controls while developing mitigation strategies.
- Security Tool Development: Design and implement custom security tools for automated vulnerability detection, focusing on both application-specific and general security testing needs to bridge the gap between vulnerability research and application security.
- Architecture Review: Perform detailed architecture reviews and threat modeling of complex software systems and cloud environments, identifying potential security weaknesses in areas such as data flows, authentication mechanisms, and API security while providing remediation guidance.
- Client Engagement: Work directly with industry-leading teams to review their application infrastructure and architecture, helping secure their environments through deep technical analysis and recommendations.
- Research & Innovation: Contribute to the advancement of application security, developing new methodologies and tools while staying up to date with the latest security developments in both traditional and emerging technology ecosystems.

What You’ll Bring

- Application security assessment experience. Direct experience conducting low-level code security assessments of complex software, identifying and mitigating application and system-level vulnerabilities. You read the code, not just the scanner output.
- Manual code review depth. Hands-on experience performing manual code reviews to find vulnerabilities that automated tools miss. You can explain why a bug is exploitable, not just that a tool flagged it.
- Static and dynamic analysis fluency. Experience using static and dynamic analysis tools as part of a deeper review process, including knowledge of where these tools fall short and how to extend them.
- Binary analysis and reverse engineering. Experience performing binary analysis and reverse engineering of compiled software. Comfortable with disassemblers, decompilers, and the surrounding tooling.
- Memory corruption vulnerabilities and mitigations. Demonstrated experience identifying memory corruption vulnerabilities and reasoning about modern mitigations. You understand the exploit primitives, not just the CWE category.
- System internals and security boundaries. Deep experience reasoning about system internals, IPC, access control implementations, and platform security boundaries in complex software.
- Architecture review and threat modeling. Experience performing architecture reviews and threat modeling of software systems and cloud environments, identifying weaknesses in data flows, authentication, and API design and proposing realistic remediation.
- Security tool development. Experience designing and building custom security tools for automated vulnerability detection. You bridge vulnerability research and application security by shipping tools, not just consuming vendor outputs.
- Programming proficiency across multiple languages. Hands-on experience programming in two or more of Rust, Golang, Kotlin, Swift, Objective-C, JavaScript, TypeScript, Python, Ruby, C, or C++, used for both security analysis and tool development.
- Communicating findings to technical stakeholders. Experience translating complex security findings into clear, actionable recommendations for engineering and security teams. Reports here get read by people who can push back.

Nice to Have

- Experience with Android, iOS, or macOS system internals
- Experience contributing to open source security tools, libraries, or research
- Experience publishing original vulnerability research, CVEs, or technical writeups
- Experience speaking at security conferences (DEF CON, Black Hat, BSides, OffensiveCon, RECon, etc.)
- Experience identifying security misconfigurations in cloud environments (AWS, GCP, Azure)
- Experience collaborating on government-funded security research (DARPA, IARPA, ONR, etc.)

The base salary for this full-time position ranges from $100,000 to $200,000 excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range. The presented salary range encompasses the starting salaries for all U.S. locations. For a precise salary estimate tailored to your preferred location, please discuss it with your recruiter during the hiring process.

Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program.

Only applications completed via our Careers page will be considered for further review. When you apply, you'll be added to our newsletter so you can stay updated on company news and opportunities. You can opt out anytime.

Benefits

Benefits, Perks & Wellness

Trail of Bits is our people, not a place. With over 100+ employees working from every time zone across the globe, our remote-first culture is built on autonomy and trust (and backed by smile-worthy benefits) for full-time employees:

Empowered Living:
- Competitive salary complemented by performance-based bonuses.
- Fully company-paid insurance packages, including health, dental, vision, disability, and life.
- A solid 401(k) plan with a 5% match of your base salary.
- 20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations.

Nurturing New Beginnings:
- 4 months of parental leave to cherish the arrival of new family members.
- Our team is global and remote-first. However, if you are interested in moving to NYC, we offer $10,000 in relocation assistance to support your transition.

Work & Life Enrichment:
- $1,000 Working-from-Home stipend to create a comfortable and productive home office.
- Annual $750 Learning & Development stipend for continuous personal and professional growth.
- Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements.

Community Impact:
- Philanthropic contribution matching up to $2,000 annually.

Worldwide
$100K - $200K / year
Full Time | Remote | Senior | Team 51-200 | Since 2012 | H1B No Sponsor

• Track engineering output, tool releases, research papers, conference talks, milestones, and make sure each gets coverage.
• Work through the existing backlog of shipped tools and research that never got written up publicly.
• Create case studies, briefs, blog drafts, and marketing assets that work for both technical and business audiences.
• Partner with Technical Editing on content pipelines, especially around report publications and blog production, and provide additional writing capacity when the team needs it.
• Own the content calendar across practices. Coordinate publishing schedules so coverage is steady and nothing falls through the cracks.
• Own social media across X, LinkedIn, and Bluesky. Maintain a consistent publishing cadence, engage with the community, and grow our audience.
• Manage Trail of Bits’ presence at industry events and relevant conferences.
• Brief and prep engineers and leadership before external appearances.
• Plan and run multi-channel campaigns (social, email, webinars, conference activations) that drive pipeline.
• Collect and package customer proof points: testimonials, client logos, and case studies that support sales and credibility.
• Improve upon existing baselines, track performance, and create a reporting rhythm so the team knows what’s working and where we should continue investing.
• Build dashboards and regular reporting cadences that connect marketing activity to pipeline and revenue outcomes.
• Gather market intelligence through customer conversations, competitor monitoring, and community engagement that informs how we position our services.

United States
$130K - $160K / year
Full Time | Remote | Lead | Team 51-200 | Since 2012 | H1B No Sponsor

• Set the technical vision for your area of expertise.
• Design and guide the execution of complex security research and engineering efforts that advance Trail of Bits' capabilities.
• Engage with potential clients and drive the sales process independently.
• Mentor 3–4 Senior Engineers, helping them build their professional networks and skillsets.
• Lead projects end-to-end and ensure delivery.
• Lead the company's publications and marketing efforts in your domain.
• Identify team organization and operational problems and help fill them.
• Architect and oversee the development of security-focused software tools and frameworks.
• Guide the team's approach to AI/ML security research and tooling.

United States
$200K - $250K / year
Job Closed
Full Time | Remote | Senior | Team 51-200 | Since 2012 | H1B No Sponsor

• Design and implement security-focused software tools and frameworks.
• Contribute to open-source security projects and develop internal tools.
• Analyze complex security challenges and develop practical solutions.
• Understand security implications across the stack.
• Implement secure CI/CD pipelines and integration with GitHub Actions.
• Contribute to AI/ML security research and tooling.
• Evaluate and improve the security of existing software through code review and enhancement.
• Communicate technical concepts effectively and write for the broader security community.
• Lead major feature development and break down high-level objectives into manageable tasks.

United States
$125K - $185K / year
Full Time | Remote | Mid Level | Team 51-200 | Since 2012 | H1B No Sponsor

Who We Are

Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and the public understanding of the technology underlying our world. Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our clients’ capabilities are at the forefront of what’s available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers. Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they’ll understand why a company like ours is so unique and valuable.

Role

This role is for a security-focused software engineer who will design, build, and enhance security tools and frameworks across various contexts. You'll work on projects ranging from AI/ML security frameworks to compiler-based security tools, and everything in between, contributing to software that makes a real difference in the security landscape. Trail of Bits is AI-native, so you will have all the latest technologies at your disposal to help you establish an efficient workflow at your discretion.

As a Security Engineer, you are an individual contributor who receives tasking from project leads and delivers on technical milestones. Over time, you'll grow into leading major feature development, breaking down high-level objectives into manageable tasks, and presenting your work to clients. You'll be expected to pursue subject-matter expertise in areas that are part of Trail of Bits' core competencies and share what you learn through blogs, Lunch 'n' Learns, and publications.

Software development will primarily involve Rust, C++, and Python, with occasional work in Go and Java. You will typically work in teams of 2–4 people, all from remote locations. Technical leads guide the team's work, collaborating with you and other members to define responsibilities based on project needs, individual strengths, and team input. Frequent communication with team members and clients is essential to success, and writing about your work publicly is encouraged and incentivized. We welcome applications from experienced professionals and talented recent graduates with relevant skills and interests.

What You'll Achieve

- Security Tool Development: Design and implement security-focused software tools and frameworks, contributing to projects that help achieve their technical milestones.
- Open Source Contribution: Contribute to open-source security projects and develop internal tools that advance Trail of Bits' core competencies.
- Security Solution Architecture: Analyze complex security challenges and develop practical, deployable solutions. As you grow, take ownership of deconstructing high-level objectives into smaller, more manageable tasks.
- Full-Stack Security Understanding: Understand security implications across the stack, from low-level systems to application frameworks.
- Secure Implementation: Implement secure CI/CD pipelines and integration with GitHub Actions.
- AI/ML Security Research: Contribute to AI/ML security research and tooling.
- Security Code Review: Evaluate and improve the security of existing software through code review and enhancement.
- Technical Communication: Communicate technical concepts effectively to team members, clients, and the broader security community. Write blog posts, participate in Lunch 'n' Learns and publications, and grow toward delivering client-side presentations.
- Technical Troubleshooting: Root-cause analysis and debugging on low-level technical issues.
- Project Execution: Interpret requirements, decompose tasks, and make engineering estimates. Work toward leading major feature development and moving projects toward their milestones.

What You'll Bring

- Strong software development skills with experience in: Rust, C++, and/or Python. Occasionally, Go or Java knowledge is necessary.
- Knowledge of AI/ML systems and associated security challenges.
- Familiarity with AI development tools like Claude Code, Cursor, and others.
- Experience with secure development practices and building secure software.
- Demonstrated ability to quickly learn new programming languages, frameworks, and technologies.
- Understanding of computer security principles and common vulnerability classes.
- A drive to develop subject-matter expertise in an area of Trail of Bits' core competency.
- Ability to work independently and as part of a remote team.
- Strong written and verbal communication skills, with a willingness to write blog posts and present at internal knowledge-sharing sessions.
- Familiarity with GitHub, CI/CD pipelines, and automated testing.

Preferred Qualifications

- Prior contributions to open-source security tools or frameworks.
- Experience developing commercial-grade software used by the public.
- Understanding of low-level systems, including memory management and operating system internals.
- Experience with compiler technology, program analysis, or binary analysis.
- Participation in CTF competitions or other security challenges.
- Experience with multiple programming languages and paradigms.
- Experience in reading, writing, and publishing academic papers.
- Experience in public speaking.

(Preferred qualifications are nice to have, but not required. Please apply even if you don’t meet all of these!)

The US base salary for this full-time position ranges from $125,000 to $185,000, excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range.

Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program.

When you apply, you'll be added to our newsletter so you can stay updated on company news and opportunities. You can opt out anytime.

Benefits

Benefits, Perks & Wellness

Trail of Bits is our people, not a place. With over 100+ employees working from every time zone across the globe, our remote-first culture is built on autonomy and trust (and backed by smile-worthy benefits) for full-time employees:

Empowered Living:
- Competitive salary complemented by performance-based bonuses.
- Fully company-paid insurance packages, including health, dental, vision, disability, and life.
- A solid 401(k) plan with a 5% match of your base salary.
- 20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations.

Nurturing New Beginnings:
- 4 months of parental leave to cherish the arrival of new family members.
- Our team is global and remote-first. However, if you are interested in moving to NYC, we offer $10,000 in relocation assistance to support your transition.

Work & Life Enrichment:
- $1,000 Working-from-Home stipend to create a comfortable and productive home office.
- Annual $750 Learning & Development stipend for continuous personal and professional growth.
- Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements.

Community Impact:
- Philanthropic contribution matching up to $2,000 annually.

United States
$125K - $185K / year
Full Time | Remote | Lead | Team 51-200 | Since 2012 | H1B No Sponsor

Who We Are

Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology's newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and public understanding of the technology that underlies our world. Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our clients' capabilities are at the forefront of what's available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers. Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they'll understand why a company like ours is so unique and valuable.

Role

The Principal Security Engineer serves as a cultural, business, and technical leader within Trail of Bits' Research & Engineering practice. Principal Engineers set technical vision, drive new business growth, lead projects, manage people, and champion the company's publications and marketing efforts. You'll leverage your experience and professional network to turn your ideas into meaningful research and engineering efforts that impact our digital world. You will mentor and inspire other engineers who share your vision, helping them build their networks and skillsets. You will be an ambassador to the company using our blog and speaking at conferences as your primary medium.

Principal Engineers identify team organization and operational problems, spot knowledge gaps across the team, and take steps to help the team fill them. You'll work closely with Staff Engineers on technical roadmaps, collaborate with Directors on resourcing, and support the proposal process through SoW writing and scoping.

Software development will primarily involve Rust, C++, and Python, with occasional work in Go and Java. You will lead and participate in teams of 2–4 people across remote locations. Frequent communication with team members, clients, and industry partners is essential to success.

What You'll Achieve

- Technical & Strategic Leadership: Set the technical vision for your area of expertise. Design and guide the execution of complex security research and engineering efforts that advance Trail of Bits' capabilities.
- Business Development: Engage with potential clients and drive the sales process independently. Leverage your professional network to find external funding for new research and engineering initiatives. Support the proposal process through SoW writing and scoping.
- People Leadership & Mentorship: Mentor 3–4 Senior Engineers, helping them build their professional networks and skillsets. Introduce mentees to your network and find opportunities for their growth.
- Project Leadership: Lead projects end-to-end within and beyond your core expertise. Deconstruct high-level objectives into actionable milestones, allocate work across team members, and ensure delivery.
- Publications & Industry Presence: Lead the company's publications and marketing efforts in your domain. Represent Trail of Bits at speaking events, panel discussions, and conferences. Author blog posts, whitepapers, and academic publications.
- Organizational Improvement: Identify team organization and operational problems. Spot knowledge gaps across the team and take concrete steps to help the team fill them.
- Security Tool Development: Architect and oversee the development of security-focused software tools and frameworks. Contribute hands-on when needed, particularly on novel or high-stakes problems.
- Cross-Practice Collaboration: Work closely with other practices to understand their challenges and needs. Turn these into collaborative efforts to build useful tooling and advance shared goals.
- AI/ML Security: Guide the team's approach to AI/ML security research and tooling. Identify emerging risks and opportunities in the AI/ML security landscape.

What You'll Bring

- Extensive software development and security engineering experience, with deep expertise in Rust, C++, and/or Python.
- A well-established professional network in the security industry, government, or adjacent technical communities.
- Demonstrated track record of leading security projects end-to-end, from scoping and proposal through delivery.
- Experience engaging with clients and participating in the sales or business development process.
- Proven ability to mentor and develop senior-level engineers, helping them grow their careers and professional networks.
- Experience setting technical vision and strategy for a team or practice area.
- Strong knowledge of AI/ML systems and associated security challenges.
- Public speaking experience at conferences, panels, or industry events.
- Published work demonstrating thought leadership in security through blog posts, whitepapers, academic papers, or open-source tools.
- Excellent written and verbal communication skills, with the ability to communicate effectively with technical teams, clients, and executive leadership.
- Experience writing SoWs, scoping proposals, and supporting the business development lifecycle.
- Ability to identify organizational and operational problems and drive solutions.

Preferred Qualifications

- Experience building and maintaining a revenue-generating practice area or service line.
- Track record of securing external funding (government contracts, grants, or sponsored research).
- Deep understanding of low-level systems, including memory management, operating system internals, compiler technology, or binary analysis.
- Experience designing IRAD portfolios or technical roadmaps for a research organization.
- Contributions to major open-source security tools or frameworks.
- Experience managing direct reports (1–4) and providing career development guidance.
- Familiarity with the US Government contracting and proposal process.

(Preferred qualifications are nice to have, but not required. Please apply even if you don't meet all of these!)

The US base salary for this full-time position ranges from $200,000 to $250,000, depending on experience and qualifications, excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range.

Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program.

When you apply, you'll be added to our newsletter so you can stay updated on company news and opportunities. You can opt out anytime.

Benefits

Trail of Bits is our people, not a place. With over 100+ employees working from every time zone across the globe, our remote-first culture is built on autonomy and trust (and backed by smile-worthy benefits) for full-time employees:

Empowered Living:
- Competitive salary complemented by performance-based bonuses.
- Fully company-paid insurance packages, including health, dental, vision, disability, and life.
- A solid 401(k) plan with a 5% match of your base salary.
- 20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations.

Nurturing New Beginnings:
- 4 months of parental leave to cherish the arrival of new family members.
- Our team is global and remote-first. However, if you are interested in moving to NYC, we offer $10,000 in relocation assistance to support your transition.

Work & Life Enrichment:
- $1,000 Working-from-Home stipend to create a comfortable and productive home office.
- Annual $750 Learning & Development stipend for continuous personal and professional growth.
- Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements.

Community Impact:
- Philanthropic contribution matching up to $2,000 annually.

United States
$200K - $250K / year
Job Closed
Full Time | Remote | Lead | Team 51-200 | Since 2012 | H1B No Sponsor

Who We Are Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology's newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and public understanding of the technology that underlies our world. Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our clients' capabilities are at the forefront of what's available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers. Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they'll understand why a company like ours is so unique and valuable. Role The Principal Security Engineer serves as a cultural, business, and technical leader within Trail of Bits' Research & Engineering practice. Principal Engineers set technical vision, drive new business growth, lead projects, manage people, and champion the company's publications and marketing efforts. You'll leverage your experience and professional network to turn your ideas into meaningful research and engineering efforts that impact our digital world. You will mentor and inspire other engineers who share your vision, helping them build their networks and skillsets. You will be an ambassador to the company using our blog and speaking at conferences as your primary medium. 
Principal Engineers identify team organization and operational problems, spot knowledge gaps across the team, and take steps to help the team fill them. You'll work closely with Staff Engineers on technical roadmaps, collaborate with Directors on resourcing, and support the proposal process through SoW writing and scoping. Software development will primarily involve Rust, C++, and Python, with occasional work in Go and Java. You will lead and participate in teams of 2–4 people across remote locations. Frequent communication with team members, clients, and industry partners is essential to success. What You'll Achieve - Technical & Strategic Leadership: Set the technical vision for your area of expertise. Design and guide the execution of complex security research and engineering efforts that advance Trail of Bits' capabilities. - Business Development: Engage with potential clients and drive the sales process independently. Leverage your professional network to find external funding for new research and engineering initiatives. Support the proposal process through SoW writing and scoping. - People Leadership & Mentorship: Mentor 3–4 Senior Engineers, helping them build their professional networks and skillsets. Introduce mentees to your network and find opportunities for their growth. - Project Leadership: Lead projects end-to-end within and beyond your core expertise. Deconstruct high-level objectives into actionable milestones, allocate work across team members, and ensure delivery. - Publications & Industry Presence: Lead the company's publications and marketing efforts in your domain. Represent Trail of Bits at speaking events, panel discussions, and conferences. Author blog posts, whitepapers, and academic publications. - Organizational Improvement: Identify team organization and operational problems. Spot knowledge gaps across the team and take concrete steps to help the team fill them. 
- Security Tool Development: Architect and oversee the development of security-focused software tools and frameworks. Contribute hands-on when needed, particularly on novel or high-stakes problems. - Cross-Practice Collaboration: Work closely with other practices to understand their challenges and needs. Turn these into collaborative efforts to build useful tooling and advance shared goals. - AI/ML Security: Guide the team's approach to AI/ML security research and tooling. Identify emerging risks and opportunities in the AI/ML security landscape. What You'll Bring - Extensive software development and security engineering experience, with deep expertise in Rust, C++, and/or Python. - A well-established professional network in the security industry, government, or adjacent technical communities. - Demonstrated track record of leading security projects end-to-end, from scoping and proposal through delivery. - Experience engaging with clients and participating in the sales or business development process. - Proven ability to mentor and develop senior-level engineers, helping them grow their careers and professional networks. - Experience setting technical vision and strategy for a team or practice area. - Strong knowledge of AI/ML systems and associated security challenges. - Public speaking experience at conferences, panels, or industry events. - Published work demonstrating thought leadership in security through blog posts, whitepapers, academic papers, or open-source tools. - Excellent written and verbal communication skills, with the ability to communicate effectively with technical teams, clients, and executive leadership. - Experience writing SoWs, scoping proposals, and supporting the business development lifecycle. - Ability to identify organizational and operational problems and drive solutions. Preferred Qualifications - Experience building and maintaining a revenue-generating practice area or service line. 
- Track record of securing external funding (government contracts, grants, or sponsored research). - Deep understanding of low-level systems, including memory management, operating system internals, compiler technology, or binary analysis. - Experience designing IRAD portfolios or technical roadmaps for a research organization. - Contributions to major open-source security tools or frameworks. - Experience managing direct reports (1–4) and providing career development guidance. - Familiarity with the US Government contracting and proposal process. (Preferred qualifications are nice to have, but not required. Please apply even if you don't meet all of these!) The US base salary for this full-time position ranges from $200,000 to $250,000, depending on experience and qualifications, excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range. Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program. When you apply, you'll be added to our newsletter so you can stay updated on company news and opportunities. You can opt out anytime.

United States
Job Closed
Full Time | Remote | Mid Level | Team 51-200 | Since 2012 | H1B No Sponsor

Who We Are Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and the public understanding of the technology underlying our world. Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our clients’ capabilities are at the forefront of what’s available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers. Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they’ll understand why a company like ours is so unique and valuable. Role This role is for a security-focused software engineer who will design, build, and enhance security tools and frameworks across various contexts. You'll work on projects ranging from AI/ML security frameworks to compiler-based security tools, and everything in between, contributing to software that makes a real difference in the security landscape. Trail of Bits is AI-native, so you will have all the latest technologies at your disposal to help you establish an efficient workflow at your discretion. As a Security Engineer, you are an individual contributor who receives tasking from project leads and delivers on technical milestones.
Over time, you'll grow into leading major feature development, breaking down high-level objectives into manageable tasks, and presenting your work to clients. You'll be expected to pursue subject-matter expertise in areas that are part of Trail of Bits' core competencies and share what you learn through blogs, Lunch 'n' Learns, and publications. Software development will primarily involve Rust, C++, and Python, with occasional work in Go and Java. You will typically work in teams of 2–4 people, all from remote locations. Technical leads guide the team's work, collaborating with you and other members to define responsibilities based on project needs, individual strengths, and team input. Frequent communication with team members and clients is essential to success, and writing about your work publicly is encouraged and incentivized. We welcome applications from experienced professionals and talented recent graduates with relevant skills and interests. What You'll Achieve - Security Tool Development: Design and implement security-focused software tools and frameworks, contributing to projects that help achieve their technical milestones. - Open Source Contribution: Contribute to open-source security projects and develop internal tools that advance Trail of Bits' core competencies. - Security Solution Architecture: Analyze complex security challenges and develop practical, deployable solutions. As you grow, take ownership of deconstructing high-level objectives into smaller, more manageable tasks. - Full-Stack Security Understanding: Understand security implications across the stack, from low-level systems to application frameworks. - Secure Implementation: Implement secure CI/CD pipelines and integration with GitHub Actions. - AI/ML Security Research: Contribute to AI/ML security research and tooling. - Security Code Review: Evaluate and improve the security of existing software through code review and enhancement. 
- Technical Communication: Communicate technical concepts effectively to team members, clients, and the broader security community. Write blog posts, participate in Lunch 'n' Learns and publications, and grow toward delivering client-side presentations. - Technical Troubleshooting: Root-cause analysis and debugging on low-level technical issues. - Project Execution: Interpret requirements, decompose tasks, and make engineering estimates. Work toward leading major feature development and moving projects toward their milestones. What You'll Bring - Strong software development skills with experience in: Rust, C++, and/or Python. Occasionally, Go or Java knowledge is necessary. - Knowledge of AI/ML systems and associated security challenges. - Familiarity with AI development tools like Claude Code, Cursor, and others. - Experience with secure development practices and building secure software. - Demonstrated ability to quickly learn new programming languages, frameworks, and technologies. - Understanding of computer security principles and common vulnerability classes. - A drive to develop subject-matter expertise in an area of Trail of Bits' core competency. - Ability to work independently and as part of a remote team. - Strong written and verbal communication skills, with a willingness to write blog posts and present at internal knowledge-sharing sessions. - Familiarity with GitHub, CI/CD pipelines, and automated testing. Preferred Qualifications - Prior contributions to open-source security tools or frameworks. - Experience developing commercial-grade software used by the public. - Understanding of low-level systems, including memory management and operating system internals. - Experience with compiler technology, program analysis, or binary analysis. - Participation in CTF competitions or other security challenges. - Experience with multiple programming languages and paradigms. - Experience in reading, writing, and publishing academic papers. 
- Experience in public speaking. (Preferred qualifications are nice to have, but not required. Please apply even if you don’t meet all of these!) The US base salary for this full-time position ranges from $125,000 to $185,000, excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range. Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program. When you apply, you'll be added to our newsletter so you can stay updated on company news and opportunities. You can opt out anytime.

United States
$125K - $185K / year
