• Lead the design, planning, and delivery of security projects spanning cloud infrastructure (primarily Azure), web application security, secure coding practices, application code reviews, GenAI/Agentic AI security controls, and security for global, multi-region/diverse infrastructure. • Coordinate closely with engineering, architecture, DevOps, product, and international teams to define requirements, align dependencies, and drive risk reduction through mature security practices. • Perform hands-on implementation, automation, and maintenance of security solutions, including vulnerability management, policy-as-code, automated remediation workflows, secure-by-design frameworks, web application firewalls, code scanning, and runtime protection. • Provide technical coordination on securing web applications (e.g., OWASP Top 10 mitigation, secure headers, input validation), application code (secure coding standards, SAST/DAST/IAST integration), threat modeling (e.g., STRIDE), SDLC security integration, and compliance with SOC 2, ISO 27001, and UK GDPR requirements. • Ensure security controls and processes support global operations, including data sovereignty, cross-border data flows, and regional regulatory variations under UK GDPR. • Socialize security best practices, facilitate knowledge transfer, and build collaborative relationships to embed security throughout the development and deployment lifecycle. • Drive full solution delivery and implementation of tools that enable secure development, web application protection, and operational security at scale. • Balance multiple priorities, overcome obstacles, and maintain structured delivery in a fast-paced, globally distributed environment.

• Oversee the security of The Trevor Project’s systems, data, and other digital assets. • Direct contributor to the overall organizational Information Security Program. • Support the security strategy plan and ensure compliance with security frameworks. • Monitor cloud based systems for security issues and deploy security tools. • Manage the Security Awareness Training Program and investigate security issues or breaches.

• Working independently and collaboratively with a team to both lead and support • Perform penetration testing on applications with complex technology stacks from both a: Unauthenticated perspective and Authenticated perspective • Dynamically flex your skills when assessing emerging or custom technologies. • Lead complex engagements to provide a technical consistency approach across multiple tests. • Contextualize vulnerabilities and assess realistic impact to a client accounting for mitigating and aggravating factors. • Manage priorities and tasks to achieve utilization targets. • Operate with professionalism both internally and with clients. • Ensure quality reports and services are delivered efficiently and on time. • Support sales and business growth by scoping out potential opportunities. • Maintains strong depth of knowledge in the practice area. • Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description As a Security Research Engineer, you will bridge the gap between cutting-edge security research and production-grade engineering. You will be responsible for building and maintaining the infrastructure that powers our research, with a focus on data pipelines and the delivery of novel, high-signal LLM-based tooling. This role is critical in helping our team scale its detection capabilities and turn theoretical security research into impactful features for both our internal teams, Open Source (OSS) users, and Enterprise (EE) customers. - Research Data Pipeline Ownership: Take full ownership of the research data pipeline, ensuring that data is ingested, processed, and utilized efficiently to fuel our detection engines and research projects. - Agentic Systems & Orchestration: Design and implement agentic workflows that leverage LLMs and other ML concepts for complex reasoning, multi-step tool-use, and autonomous security research tasks. - Engineering Support for Research: Act as the engineering backbone for our security research efforts, translating complex research concepts into scalable, functional tools. - Collaborative Prototyping: Support the Principal Research Engineer in delivering high-priority projects, providing the engineering muscle needed to accelerate our research roadmap. Qualifications - 5+ Years of Software Engineering Experience: A strong foundation in general software engineering, with a track record of building reliable, maintainable systems. - Data Pipeline Expertise: Proven experience running and optimizing data pipelines, ideally within the context of detection engineering or security analytics. - Intermediate AWS Knowledge: Intermediate experience deploying and maintaining research-focused resources on AWS. - Experience Building Production AI Tooling: Direct experience moving LLM-based projects from the PoC stage into a stable production environment. - Security Literacy: Intermediate knowledge of application security and offensive security principles (understanding how attackers operate). - Ownership & Ego-less Collaboration: You are comfortable owning entire projects from end-to-end but approach collaboration with a "no-ego" mindset. - Reliability: You are known for being thorough and ensuring that your work is dependable and robust. - Rapid Prototyping: An ability to build and iterate quickly, balancing speed with the thoroughness required for security-sensitive work. - AI-First Mindset: A deep interest in AI/ML with a commitment to high-quality output. Bonus points - Presentation Skills: Experience or interest in presenting research findings or technical work to the broader security community. - Secrets Experience: Prior experience working with secrets management, secret scanning, or related security disciplines. - Open Source Contributor: A history of contributing to or maintaining open-source security tools. Salary range The target salary range for this position is between $140,500 - $210,000. This role may span multiple levels. Starting salary will vary based on job-related skills, knowledge, and experience. Leveling will be determined during the interview process. You may also be offered a bonus, stock options, and benefits. These salary ranges are subject to change, and we encourage candidates outside of this salary range to apply. Benefits - Fully remote within the U.S.: We believe opportunity shouldn’t be limited by geography. - A culture of mentorship, equity, and psychological safety: We’re committed to fostering an environment where you can thrive, learn, and feel valued. - Competitive salary & meaningful equity: Be rewarded for your contributions with a strong compensation package and a stake in our shared success. - Flexible paid time off: We operate with a high level of autonomy and trust. - 14 paid holidays: Including Thanksgiving, Winter Break, and "Truffle Holidays". - Comprehensive health benefits: Medical, dental, and vision coverage with 80% of premiums covered for you and your dependents. - Remote work stipend: Get set up for success with an $800 new hire stipend and $100/month to keep your workspace comfortable. - Health & wellness stipend: $1,200/year to support your physical, mental, and emotional well-being. - Learning & development stipend: $2,000/year to invest in your growth. - 401(k) match: We match 100% of the first 6% of your contributions on every paycheck. - 100% remote + company off-sites: Twice a year, we come together in amazing locations.