We are a fast-growing Series A startup building cutting-edge technology to revolutionize cloud development processes and support highly efficient dev&test feedback loops. We’ve closed our last $25mil round in Q4 2024, led by Notable Capital, CRV and Heavybit. At its core, LocalStack provides a high-fidelity emulator and local cloud development platform. Imagine developing cloud applications and data pipelines entirely on your local machine within a lightweight cloud sandbox, running in Docker! Our mission is to empower developers to rapidly build and test their cloud applications, allowing for a more enjoyable dev experience, and saving valuable time and resources. LocalStack has a large and active developer community with over 100k active users worldwide and 290M+ downloads to date. Our customer base ranges from SMBs to Global Fortune 500 companies. We are sustainably growing our globally distributed team across sectors LocalStack is headquartered in Zurich/Switzerland 🇨🇭, with a main engineering office in Vienna/Austria 🇦🇹 and remote team members from 🇺🇸the US, 🇫🇷FR, 🇬🇧UK, 🇨🇦CA, 🇪🇸ES, and many more countries. 👉Check our Notion Candidate Handbook and our GitHub! This is the right opportunity for a person with 7+ years in a security engineering or security compliance role, experience leading vendor risk assessments and building compliance frameworks from the ground up, a strong background in API design and build, as well as a strong background in DevSecOps, incident response, and pragmatic, risk-driven security leadership.

We are a fast-growing Series A startup building cutting-edge technology to revolutionize cloud development processes and support highly efficient dev&test feedback loops. We’ve closed our last $25mil round in Q4 2024, led by Notable Capital, CRV and Heavybit. At its core, LocalStack provides a high-fidelity emulator and local cloud development platform. Imagine developing cloud applications and data pipelines entirely on your local machine within a lightweight cloud sandbox, running in Docker! Our mission is to empower developers to rapidly build and test their cloud applications, allowing for a more enjoyable dev experience, and saving valuable time and resources. LocalStack has a large and active developer community with over 100k active users worldwide and 290M+ downloads to date. Our customer base ranges from SMBs to Global Fortune 500 companies. We are sustainably growing our globally distributed team across sectors LocalStack is headquartered in Zurich/Switzerland 🇨🇭, with a main engineering office in Vienna/Austria 🇦🇹 and remote team members from 🇺🇸the US, 🇫🇷FR, 🇬🇧UK, 🇨🇦CA, 🇪🇸ES, and many more countries. 👉Check our Notion Candidate Handbook and our GitHub! This is the right opportunity for a person with 7+ years in a security engineering or security compliance role, experience leading vendor risk assessments and building compliance frameworks from the ground up, a strong background in API design and build, as well as a strong background in DevSecOps, incident response, and pragmatic, risk-driven security leadership.

Who We Are Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology's newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and public understanding of the technology that underlies our world. Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our clients' capabilities are at the forefront of what's available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers. Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they'll understand why a company like ours is so unique and valuable. Role The Principal Security Engineer serves as a cultural, business, and technical leader within Trail of Bits' Research & Engineering practice. Principal Engineers set technical vision, drive new business growth, lead projects, manage people, and champion the company's publications and marketing efforts. You'll leverage your experience and professional network to turn your ideas into meaningful research and engineering efforts that impact our digital world. You will mentor and inspire other engineers who share your vision, helping them build their networks and skillsets. You will be an ambassador to the company using our blog and speaking at conferences as your primary medium. Principal Engineers identify team organization and operational problems, spot knowledge gaps across the team, and take steps to help the team fill them. You'll work closely with Staff Engineers on technical roadmaps, collaborate with Directors on resourcing, and support the proposal process through SoW writing and scoping. Software development will primarily involve Rust, C++, and Python, with occasional work in Go and Java. You will lead and participate in teams of 2–4 people across remote locations. Frequent communication with team members, clients, and industry partners is essential to success. What You'll Achieve - Technical & Strategic Leadership: Set the technical vision for your area of expertise. Design and guide the execution of complex security research and engineering efforts that advance Trail of Bits' capabilities. - Business Development: Engage with potential clients and drive the sales process independently. Leverage your professional network to find external funding for new research and engineering initiatives. Support the proposal process through SoW writing and scoping. - People Leadership & Mentorship: Mentor 3–4 Senior Engineers, helping them build their professional networks and skillsets. Introduce mentees to your network and find opportunities for their growth. - Project Leadership: Lead projects end-to-end within and beyond your core expertise. Deconstruct high-level objectives into actionable milestones, allocate work across team members, and ensure delivery. - Publications & Industry Presence: Lead the company's publications and marketing efforts in your domain. Represent Trail of Bits at speaking events, panel discussions, and conferences. Author blog posts, whitepapers, and academic publications. - Organizational Improvement: Identify team organization and operational problems. Spot knowledge gaps across the team and take concrete steps to help the team fill them. - Security Tool Development: Architect and oversee the development of security-focused software tools and frameworks. Contribute hands-on when needed, particularly on novel or high-stakes problems. - Cross-Practice Collaboration: Work closely with other practices to understand their challenges and needs. Turn these into collaborative efforts to build useful tooling and advance shared goals. - AI/ML Security: Guide the team's approach to AI/ML security research and tooling. Identify emerging risks and opportunities in the AI/ML security landscape. What You'll Bring - Extensive software development and security engineering experience, with deep expertise in Rust, C++, and/or Python. - A well-established professional network in the security industry, government, or adjacent technical communities. - Demonstrated track record of leading security projects end-to-end, from scoping and proposal through delivery. - Experience engaging with clients and participating in the sales or business development process. - Proven ability to mentor and develop senior-level engineers, helping them grow their careers and professional networks. - Experience setting technical vision and strategy for a team or practice area. - Strong knowledge of AI/ML systems and associated security challenges. - Public speaking experience at conferences, panels, or industry events. - Published work demonstrating thought leadership in security through blog posts, whitepapers, academic papers, or open-source tools. - Excellent written and verbal communication skills, with the ability to communicate effectively with technical teams, clients, and executive leadership. - Experience writing SoWs, scoping proposals, and supporting the business development lifecycle. - Ability to identify organizational and operational problems and drive solutions. Preferred Qualifications - Experience building and maintaining a revenue-generating practice area or service line. - Track record of securing external funding (government contracts, grants, or sponsored research). - Deep understanding of low-level systems, including memory management, operating system internals, compiler technology, or binary analysis. - Experience designing IRAD portfolios or technical roadmaps for a research organization. - Contributions to major open-source security tools or frameworks. - Experience managing direct reports (1–4) and providing career development guidance. - Familiarity with the US Government contracting and proposal process. (Preferred qualifications are nice to have, but not required. Please apply even if you don't meet all of these!) The US base salary for this full-time position ranges from $200,000 to $250,000, depending on experience and qualifications, excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range. Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program. When you apply, you'll be added to our newsletter so you can stay updated on company news and opportunities. You can opt out anytime.

Who are we? SupportYourApp is an international Intelligent Support-as-a-Service company that has been providing business process outsourcing services to other IT companies around the globe (technical and customer support, services to improve customer experience) for the past 15 years. We have 1300+ people in our international community. We operate globally, supporting clients in 60 languages, partnering with industry leaders like MasterCard, Calm and MacPaw. With international hubs and coworking spaces around the world, we also develop innovative products like Quidget and improve the customer experience every single day. About the role: Our team is continuously growing alongside our expanding client base, so we are looking for a Security Control Specialist who is eager to apply their technical expertise, develop in the field of security, and work with real incidents and modern tools. Sounds exciting? There’s more to come 💛 What you will do: - Incident Management: - Full cycle of investigation and coordination in response to security or workflow breaches; - Direct contact and communication with Clients and stakeholders in the event of a Data Breach; - Performing Root Cause Analysis, developing preventive measures, and preparing reports for top management; - Analyzing Client's operational workflows based on incident trends to identify potential threats to the company and developing proactive security optimization recommendations; - Supplier Assessment: - Evaluating the security of software, platforms, and third-party services. - Hiring Compliance: - Assessing new hiring locations regarding data protection standards and security tool feasibility. - Documentation: - Developing incident management procedures and maintaining the internal knowledge base. What you need to succeed in this role: - Proven experience in investigating and handling information security incidents (from 1 year); - Analytical mindset and the ability to make fast decisions to mitigate incident impact; - Strong self-organization skills and the ability to prioritize work independently; - Understanding of data privacy principles and breach notification requirements; - English proficiency at level B2 or higher. Will Be a Plus: - Proficiency in OSINT methodologies for investigations; - Experience in the BPO or Customer Support industry; - Basic knowledge of security tools logic (SIEM,EDR,DLP, NGFW, VPN,VDI). Benefits and Perks: - Providing services during business hours; - Opportunity to cooperate fully remotely; - Inclusive international environment; - Compensation in USD; - Rewards for referring friends; - Balance between project workload and personal time, but also – internal health policy; - Responsive leadership interested in your growth and long-lasting cooperation; - Greenhouse conditions for self-development; - A culture built on trust, with no time-tracking requirements. *The items listed in this section may vary depending on the terms of your engagement. Certain benefits and conditions typically apply to employees; independent contractors may not be eligible for all of these. The specific terms, including compensation, benefits, and work conditions, will be clearly defined in your agreement if selected. You can learn more about the company and its culture by visiting our official website and social pages on Facebook, Instagram, and LinkedIn. If you’re interested in cybersecurity incident response, investigations, and improving security processes, we’d be glad to receive your resume. Grab the chance to join us and send your CV in English, pointing out your outstanding skills! Know someone perfect for the role? Refer them and get rewarded!  We adhere to the principles of equal treatment of candidates and prohibit discrimination on any grounds protected by law. Your personal data will be processed as described in the SupportYourApp Candidate Privacy Notice. Internal job code:1HA