Trail of Bits

Senior Security Engineer, Application Security

United States

Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
CybersecurityIndustries

Position Overview

  • Location Type: Remote
  • Job Type: Full-time
  • Salary: $10,000

Trail of Bits, founded in 2012 by expert hackers, is a premier cybersecurity firm dedicated to advancing security and tackling the most challenging technological risks. We secure some of the world's most targeted organizations and devices by combining novel research with practical solutions, reducing security risks from emerging technologies and driving the security industry forward. Our research-based and custom-engineering approach ensures clients have cutting-edge capabilities, and we democratize security information through blogs, whitepapers, newsletters, meetups, and open-source tools.

Role

Trail of Bits is seeking a Senior Security Engineer, Application Security to join our growing Software Assurance practice. This role involves conducting comprehensive security assessments of client software, with a focus on low-level code analysis, system architecture, security boundaries, access controls, and platform security mechanisms. You will analyze application code vulnerabilities, automate security misconfiguration detection in cloud environments, assess privilege escalation, and review complex system security boundaries. You will collaborate with other security engineers on client projects and build impactful tools, working at the intersection of Vulnerability Research and Application Security. Opportunities include collaborating with our Research & Engineering team on government-funded advanced security research.

Responsibilities

  • Security Assessment: Conduct comprehensive low-level code security assessments across applications, examining vulnerabilities in system services, access control implementation, inter-process communication, and platform security controls, while developing mitigation strategies.
  • Security Tool Development: Design and implement custom security tools for automated vulnerability detection, focusing on both application-specific and general security testing needs to bridge the gap between vulnerability research and application security.
  • Architecture Review: Perform detailed architecture reviews and threat modeling of complex software systems and cloud environments, identifying potential security weaknesses in areas such as data flows, authentication mechanisms, and API security, while providing remediation guidance.
  • Client Engagement: Work directly with industry-leading teams to review their application infrastructure and architecture, helping secure their environments through deep technical analysis and recommendations.
  • Research & Innovation: Contribute to the advancement of application security, developing new methodologies and tools while staying up to date with the latest security developments in both traditional and emerging technology ecosystems.

Requirements

  • Application Security Expertise: Extensive experience in software security, with a demonstrated ability to identify and mitigate application and system-level vulnerabilities in code.

Skills

Security Assessments
Low-level Code Analysis
System Architecture
Security Boundaries
Access Controls
Platform Security
Vulnerability Analysis
Cloud Security
Security Misconfiguration Detection
Privilege Escalation
Security Boundaries Review

Trail of Bits

Cybersecurity consulting and security research services

About Trail of Bits

Trail of Bits provides cybersecurity services focused on high-end security research and consulting for organizations facing complex security challenges. They specialize in areas such as reverse engineering, cryptography, virtualization, malware, and software exploits. Their services include security audits, secure deployment consulting, and developing solutions to address security vulnerabilities. The company caters to a diverse clientele, including major tech companies and government agencies, and generates revenue through consulting fees and training courses aimed at enhancing the skills of security teams. Trail of Bits distinguishes itself from competitors with its tailored consulting services and a strong emphasis on workplace culture, recognized as one of the best places to work. The goal of Trail of Bits is to help organizations effectively protect their systems and data from security threats.

New York City, New YorkHeadquarters
2012Year Founded
$5.2MTotal Funding
SEEDCompany Stage
Consulting, CybersecurityIndustries
51-200Employees

Risks

AI model unreliability in critical areas poses a risk for cybersecurity applications.
Emergence of pickle file attacks highlights vulnerabilities in machine learning models.
Focus on mobile security may divert resources from other critical cybersecurity areas.

Differentiation

Trail of Bits specializes in high-end security research and consulting services.
The company serves tech giants and government agencies with robust security measures.
Trail of Bits combines human intellect with computational power for meaningful security gains.

Upsides

Recognition as a leader in cybersecurity consulting boosts Trail of Bits' market credibility.
Partnerships with companies like Discord and Hugging Face expand their client base.
Involvement in iVerify's funding round shows strategic interest in mobile security.

Land your dream remote job 3x faster with AI