Trail of Bits

Principal Security Engineer, Application Security

full-time

Location Type: Remote

Location: Remote • 🇺🇸 United States

Salary

💰 $200,000 - $235,000 per year

Job Level

Lead

Tech Stack

Cloud, Go, Java, JavaScript, Kotlin, Objective-C, Python, Rust, Swift, TypeScript

About the role

  • Drive comprehensive security assessments and mentor team members.
  • Lead threat modeling exercises and perform deep code analysis across modern and legacy codebases.
  • Provide technical leadership across the Application Security team and develop methodologies.
  • Work with C-level executives and engineering leaders at strategic clients, translating security findings into business impact.
  • Collaborate with research to secure funding for advanced security research and contribute to publications.

Requirements

  • 8+ years of experience in application security with demonstrated mastery across web, mobile, cloud, and system-level security domains, including extensive experience identifying and mitigating sophisticated vulnerabilities in enterprise and security-critical software.
  • Demonstrated interest and experience in leveraging AI for security workflows, whether through custom tooling, LLM-assisted code review, or automated vulnerability detection, with an understanding of both the opportunities and limitations of AI in security.
  • Proven track record of leading complex security engagements, mentoring engineers, and driving projects to successful completion while maintaining deep technical involvement and high-quality deliverables.
  • Extensive experience conducting comprehensive security assessments, including penetration testing, code review, architecture analysis, and threat modeling across diverse technology ecosystems with a track record of discovering critical vulnerabilities.
  • Strong foundation in system internals, memory corruption vulnerabilities, binary analysis, and reverse engineering with the ability to move fluidly between application-layer and system-level security concerns.
  • Expert-level proficiency in manual code review across JavaScript/TypeScript, Python, Go, and additional languages such as Rust, C/C++, Java/Kotlin, Swift/Objective-C, with deep understanding of language-specific security pitfalls and secure coding patterns.
  • Hands-on experience with static and dynamic analysis tools, including customization, rule development, and integration into security assessment workflows, with ability to evaluate tool effectiveness and build custom solutions where needed.
  • Proven ability to lead sophisticated threat modeling exercises for complex systems, applying frameworks like STRIDE, PASTA, or custom approaches while facilitating productive sessions with diverse stakeholder groups.
  • Strong client-facing skills with ability to communicate complex technical findings to both technical and executive audiences, build lasting client relationships, and translate security research into business value.

Benefits

  • Competitive salary complemented by performance-based bonuses.
  • Fully company-paid insurance packages, including health, dental, vision, disability, and life.
  • A solid 401(k) plan with a 5% match of your base salary.
  • 20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations.
  • 4 months of parental leave to cherish the arrival of new family members.
  • $10,000 in relocation assistance to support your transition if moving to NYC.
  • $1,000 Working-from-Home stipend to create a comfortable and productive home office.
  • Annual $750 Learning & Development stipend for continuous personal and professional growth.
  • Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements.
  • Philanthropic contribution matching up to $2,000 annually.
