Salary
💰 $150,000 - $200,000 per year
Tech Stack
Android, Cloud, Cyber Security, Go, iOS, JavaScript, Kotlin, MacOS, Objective-C, Python, Ruby, Rust, Swift, TypeScript
About the role
- Who We Are: Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies.
- Role: Trail of Bits seeks a Senior Security Engineer, Application Security within our growing Software Assurance practice. You will conduct comprehensive security assessments of client software with a focus on low-level code analysis, examining system architecture, security boundaries, access controls, and platform security mechanisms.
- Daily Tasks: Analyze vulnerabilities in application code, automate detection of security misconfigurations in cloud environments, assess privilege escalation capabilities, review security boundaries in complex systems, contribute to client projects, and build impactful tools.
- Research Collaboration: Collaborate with the Research & Engineering team to secure government funding for advanced security research bridging vulnerability research and application security.
- What You’ll Achieve: Security Assessment, Security Tool Development, Architecture Review, Client Engagement, Research & Innovation.
Requirements
- Application Security Expertise: Extensive experience in software security, with demonstrated ability to identify and mitigate application and system-level vulnerabilities in code across complex enterprise software and understanding of security controls.
- Assessment Experience: Track record of conducting technical security assessments of software, including software and system hardening, security policy analysis, and implementing effective security measures; experience with Android, iOS, and/or macOS system internals is a plus.
- Technical Capabilities: Deep understanding of system internals and security boundaries, experience with manual code reviews, static and dynamic analysis tools, expertise in secure development practices, experience with binary analysis and reverse engineering, and understanding of memory corruption vulnerabilities and mitigations.
- Programming Proficiency: Strong knowledge of multiple programming languages such as Rust, Golang, Kotlin, Swift, Objective-C, JavaScript/TypeScript, Python, Ruby, C and/or C++ for both security analysis and tool development.
- Communication Skills: Ability to effectively communicate complex security concepts to diverse stakeholders and deliver clear, actionable recommendations.