Who We Are Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and the public understanding of the technology underlying our world. Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our client’s capabilities are at the forefront of what’s available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers. Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they’ll understand why a company like ours is so unique and valuable. Role Trail of Bits seeks a Security Engineer, Application Security within our growing Software Assurance practice. You will conduct comprehensive security assessments of client software with a focus on low-level code analysis, examining system architecture, security boundaries, access controls, and platform security mechanisms. On any given day, you might analyze vulnerabilities in application code, automate the detection of security misconfigurations in cloud environments, assess privilege escalation capabilities, or review security boundaries in complex systems. Working alongside other security engineers, you'll contribute to client projects while building impactful tools. In short, your work will land at the intersection of Vulnerability Research and Application Security. In addition to working with leading technology companies in the private sector, you will have opportunities to collaborate with our Research & Engineering team to help secure funding from government agencies for advanced security research that bridges vulnerability research and application security, advancing the state of the art both within our team and industry at large. Please note that only applications completed via our Careers page will be considered for further review. What You’ll Achieve - Security Assessment: Conduct comprehensive low-level code security assessments across applications, examining vulnerabilities in system services, access control implementation, inter-process communication, and platform security controls while developing mitigation strategies. - Security Tool Development: Design and implement custom security tools for automated vulnerability detection, focusing on both application-specific and general security testing needs to bridge the gap between vulnerability research and application security. - Architecture Review: Perform detailed architecture reviews and threat modeling of complex software systems and cloud environments, identifying potential security weaknesses in areas such as data flows, authentication mechanisms, and API security while providing remediation guidance. - Client Engagement: Work directly with industry-leading teams to review their application infrastructure and architecture, helping secure their environments through deep technical analysis and recommendations. - Research & Innovation: Contribute to the advancement of application security, developing new methodologies and tools while staying up to date with the latest security developments in both traditional and emerging technology ecosystems. What You’ll Bring - Application Security Expertise: Extensive experience in software security, with demonstrated ability to identify and mitigate application and system-level vulnerabilities in code across complex enterprise software and understanding of security controls. - Assessment Experience: Track record of conducting technical security assessments of software, including software and system hardening, security policy analysis, and implementing effective security measures; Experience with Android, iOS, and/or macOS system internals a plus. - Technical Capabilities: Deep understanding of system internals and security boundaries, experience with manual code reviews, static and dynamic analysis tools, expertise in secure development practices, experience with binary analysis and reverse engineering, and understanding of memory corruption vulnerabilities and mitigations. - Programming Proficiency: Strong knowledge of multiple programming languages such as Rust, Golang, Kotlin, Swift, Objective-C, JavaScript/TypeScript, Python, Ruby, C and/or C++ for both security analysis and tool development. - Communication Skills: Ability to effectively communicate complex security concepts to diverse stakeholders and deliver clear, actionable recommendations. The base salary for this full-time position ranges from $100,000 to $200,000 excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range. The presented salary range encompasses the starting salaries for all U.S. locations. For a precise salary estimate tailored to your preferred location, please discuss it with your recruiter during the hiring process. Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program. Learn more.  Only applications completed via our Careers page will be considered for further review. When you apply, you'll be added to our newsletter so you can stay updated on company news and opportunities. You can opt out anytime.

• Act as subject matter expert for Presidio’s Cybersecurity Solutions • Drive overall Cybersecurity service (consulting and vSOC) and product revenue • Proactively engage with clients as a trusted advisor to understand security challenges • Provide pre-sales support in collaboration with sales teams • Present and articulate Presidio security value proposition to clients • Proactively monitor and assess industry/technology advancements • Define requirements, solutions and value propositions to hand off to Solutions Architects • Work with Account Managers and Sales Directors to establish presence in key client accounts • Develop security solution profiles for top accounts • Own and develop relationships with key vendor contacts • Conduct security trainings to build outside sales team’s security capabilities • Monitor competition by gathering current marketplace information

• Diseñar e implementar arquitecturas de sistemas seguras adaptadas a las necesidades operativas y comerciales de BASF Coatings. • Colaborar estrechamente con expertos internos en ciberseguridad y con el Centro de Defensa de Ciberseguridad para realizar evaluaciones de vulnerabilidad y liderar los esfuerzos de remediación. • Brindar asistencia en incidentes, incluyendo análisis y coordinación de respuesta, para garantizar una recuperación rápida y aprendizaje continuo. • Asesorar sobre aspectos de ciberseguridad en proyectos de TI y OT, asegurando que la seguridad se integre desde el inicio. • Contribuir a la mejora continua de procesos, herramientas y concienciación en ciberseguridad en toda la organización.

• Diseñar e implementar arquitecturas de sistemas seguros adaptadas a las necesidades operativas y comerciales de BASF Coatings. • Colaborar estrechamente con expertos internos en ciberseguridad y el Centro de Defensa de Ciberseguridad para realizar evaluaciones de vulnerabilidad y llevar adelante esfuerzos de remediación. • Proporcionar asistencia en incidentes, incluyendo análisis y coordinación de respuesta, para asegurar una recuperación y aprendizaje rápidos. • Consultar sobre aspectos de ciberseguridad en proyectos de IT y OT, asegurando que la seguridad esté integrada desde el inicio. • Contribuir a la mejora continua de procesos, herramientas y conciencia de ciberseguridad en toda la organización.