Security Engineer, Application Security

Trail of Bits

Security Engineer specializing in application security assessments at Trail of Bits, focusing on vulnerability research and secure development practices.

Posted 4/1/2026full-timeRemote • 🇺🇸 United StatesMid-LevelSenior💰 $100,000 - $200,000 per yearWebsite

Tech Stack

Tools & technologies

AndroidCloudGoiOSJavaScriptKotlinMacOSObjective-CPythonRubyRustSwiftTypeScript

About the role

Key responsibilities & impact

Conduct comprehensive low-level code security assessments across applications, examining vulnerabilities in system services, access control implementation, inter-process communication, and platform security controls while developing mitigation strategies.
Design and implement custom security tools for automated vulnerability detection, focusing on both application-specific and general security testing needs to bridge the gap between vulnerability research and application security.
Perform detailed architecture reviews and threat modeling of complex software systems and cloud environments, identifying potential security weaknesses in areas such as data flows, authentication mechanisms, and API security while providing remediation guidance.
Work directly with industry-leading teams to review their application infrastructure and architecture, helping secure their environments through deep technical analysis and recommendations.
Contribute to the advancement of application security, developing new methodologies and tools while staying up to date with the latest security developments in both traditional and emerging technology ecosystems.

Requirements

What you’ll need

Extensive experience in software security, with demonstrated ability to identify and mitigate application and system-level vulnerabilities in code across complex enterprise software.
Track record of conducting technical security assessments of software, including software and system hardening, security policy analysis, and implementing effective security measures; Experience with Android, iOS, and/or macOS system internals a plus.
Deep understanding of system internals and security boundaries, experience with manual code reviews, static and dynamic analysis tools, expertise in secure development practices, experience with binary analysis and reverse engineering, and understanding of memory corruption vulnerabilities and mitigations.
Strong knowledge of multiple programming languages such as Rust, Golang, Kotlin, Swift, Objective-C, JavaScript/TypeScript, Python, Ruby, C and/or C++ for both security analysis and tool development.
Ability to effectively communicate complex security concepts to diverse stakeholders and deliver clear, actionable recommendations.

Benefits

Comp & perks

Competitive salary complemented by performance-based bonuses.
Fully company-paid insurance packages, including health, dental, vision, disability, and life.
A solid 401(k) plan with a 5% match of your base salary.
20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations.
4 months of parental leave to cherish the arrival of new family members.
$10,000 in relocation assistance to support your transition to NYC if interested.
$1,000 Working-from-Home stipend to create a comfortable and productive home office.
Annual $750 Learning & Development stipend for continuous personal and professional growth.
Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements.
Philanthropic contribution matching up to $2,000 annually.

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

code security assessmentsvulnerability detectionarchitecture reviewsthreat modelingmanual code reviewsstatic analysisdynamic analysissecure development practicesbinary analysisreverse engineering

Soft Skills

communicationtechnical analysisrecommendations