• Working independently and collaboratively with a team to both lead and support • Perform penetration testing on applications with complex technology stacks from both a: Unauthenticated perspective and Authenticated perspective • Dynamically flex your skills when assessing emerging or custom technologies. • Lead complex engagements to provide a technical consistency approach across multiple tests. • Contextualize vulnerabilities and assess realistic impact to a client accounting for mitigating and aggravating factors. • Manage priorities and tasks to achieve utilization targets. • Operate with professionalism both internally and with clients. • Ensure quality reports and services are delivered efficiently and on time. • Support sales and business growth by scoping out potential opportunities. • Maintains strong depth of knowledge in the practice area. • Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description As a Security Research Engineer, you will bridge the gap between cutting-edge security research and production-grade engineering. You will be responsible for building and maintaining the infrastructure that powers our research, with a focus on data pipelines and the delivery of novel, high-signal LLM-based tooling. This role is critical in helping our team scale its detection capabilities and turn theoretical security research into impactful features for both our internal teams, Open Source (OSS) users, and Enterprise (EE) customers. - Research Data Pipeline Ownership: Take full ownership of the research data pipeline, ensuring that data is ingested, processed, and utilized efficiently to fuel our detection engines and research projects. - Agentic Systems & Orchestration: Design and implement agentic workflows that leverage LLMs and other ML concepts for complex reasoning, multi-step tool-use, and autonomous security research tasks. - Engineering Support for Research: Act as the engineering backbone for our security research efforts, translating complex research concepts into scalable, functional tools. - Collaborative Prototyping: Support the Principal Research Engineer in delivering high-priority projects, providing the engineering muscle needed to accelerate our research roadmap. Qualifications - 5+ Years of Software Engineering Experience: A strong foundation in general software engineering, with a track record of building reliable, maintainable systems. - Data Pipeline Expertise: Proven experience running and optimizing data pipelines, ideally within the context of detection engineering or security analytics. - Intermediate AWS Knowledge: Intermediate experience deploying and maintaining research-focused resources on AWS. - Experience Building Production AI Tooling: Direct experience moving LLM-based projects from the PoC stage into a stable production environment. - Security Literacy: Intermediate knowledge of application security and offensive security principles (understanding how attackers operate). - Ownership & Ego-less Collaboration: You are comfortable owning entire projects from end-to-end but approach collaboration with a "no-ego" mindset. - Reliability: You are known for being thorough and ensuring that your work is dependable and robust. - Rapid Prototyping: An ability to build and iterate quickly, balancing speed with the thoroughness required for security-sensitive work. - AI-First Mindset: A deep interest in AI/ML with a commitment to high-quality output. Bonus points - Presentation Skills: Experience or interest in presenting research findings or technical work to the broader security community. - Secrets Experience: Prior experience working with secrets management, secret scanning, or related security disciplines. - Open Source Contributor: A history of contributing to or maintaining open-source security tools. Salary range The target salary range for this position is between $140,500 - $210,000. This role may span multiple levels. Starting salary will vary based on job-related skills, knowledge, and experience. Leveling will be determined during the interview process. You may also be offered a bonus, stock options, and benefits. These salary ranges are subject to change, and we encourage candidates outside of this salary range to apply. Benefits - Fully remote within the U.S.: We believe opportunity shouldn’t be limited by geography. - A culture of mentorship, equity, and psychological safety: We’re committed to fostering an environment where you can thrive, learn, and feel valued. - Competitive salary & meaningful equity: Be rewarded for your contributions with a strong compensation package and a stake in our shared success. - Flexible paid time off: We operate with a high level of autonomy and trust. - 14 paid holidays: Including Thanksgiving, Winter Break, and "Truffle Holidays". - Comprehensive health benefits: Medical, dental, and vision coverage with 80% of premiums covered for you and your dependents. - Remote work stipend: Get set up for success with an $800 new hire stipend and $100/month to keep your workspace comfortable. - Health & wellness stipend: $1,200/year to support your physical, mental, and emotional well-being. - Learning & development stipend: $2,000/year to invest in your growth. - 401(k) match: We match 100% of the first 6% of your contributions on every paycheck. - 100% remote + company off-sites: Twice a year, we come together in amazing locations.

• Analyze and assess novel and recurring security issues via design reviews, code audits, and penetration tests. • Design and build security tools, and develop mitigations, frameworks, and hardening strategies tailored for vulnerability prevention and detection. • Review and develop secure operational practices, and provide security guidance for engineers. • Respond to and triage reports from bug bounty programs.

• Build Secure-by-Default Infrastructure: Design and implement cloud-hardened architectures, secure base images (containers, VMs), and environments with embedded native security controls. • Automate Security as Code: Be an expert in Policy-as-Code and Security-as-Code. Create and maintain Terraform modules, admission policies, and automated controls that prevent insecure configurations before deployment. • Implement and Manage Security Controls: Operate cloud security tools, identity & access management (IAM), endpoint security, DLP, and threat monitoring systems. • Manage Perimeter Defenses: Configure and maintain edge security solutions (WAF, CDN, anti-bot), ensuring secure change processes, pre-production testing, and rollback procedures when needed. • Enable Engineering Teams: Work alongside engineers to integrate security from the start, build tools and frameworks that enable secure development, and make security an accelerator — not a bottleneck — for team velocity. • Support Incident Response: Define response playbooks for cloud and platform security incidents, acting as a senior technical specialist when needed. • Maintain Compliance and Best Practices: Ensure adherence to security frameworks (CIS, NIST, OWASP, PCI-DSS, LGPD) and stay up to date on emerging threats and mitigation technologies.