Senior Security Engineer, Application Security

Position Overview

• Location Type: Remote
• Job Type: Full-time
• Salary: $10,000

Trail of Bits, founded in 2012 by expert hackers, is a premier cybersecurity firm dedicated to advancing security and tackling the most challenging technological risks. We secure some of the world's most targeted organizations and devices by combining novel research with practical solutions, reducing security risks from emerging technologies and driving the security industry forward. Our research-based and custom-engineering approach ensures clients have cutting-edge capabilities, and we democratize security information through blogs, whitepapers, newsletters, meetups, and open-source tools.

Role

Trail of Bits is seeking a Senior Security Engineer, Application Security to join our growing Software Assurance practice. This role involves conducting comprehensive security assessments of client software, with a focus on low-level code analysis, system architecture, security boundaries, access controls, and platform security mechanisms. You will analyze application code vulnerabilities, automate security misconfiguration detection in cloud environments, assess privilege escalation, and review complex system security boundaries. You will collaborate with other security engineers on client projects and build impactful tools, working at the intersection of Vulnerability Research and Application Security. Opportunities include collaborating with our Research & Engineering team on government-funded advanced security research.

Responsibilities

• Security Assessment: Conduct comprehensive low-level code security assessments across applications, examining vulnerabilities in system services, access control implementation, inter-process communication, and platform security controls, while developing mitigation strategies.
• Security Tool Development: Design and implement custom security tools for automated vulnerability detection, focusing on both application-specific and general security testing needs to bridge the gap between vulnerability research and application security.
• Architecture Review: Perform detailed architecture reviews and threat modeling of complex software systems and cloud environments, identifying potential security weaknesses in areas such as data flows, authentication mechanisms, and API security, while providing remediation guidance.
• Client Engagement: Work directly with industry-leading teams to review their application infrastructure and architecture, helping secure their environments through deep technical analysis and recommendations.
• Research & Innovation: Contribute to the advancement of application security, developing new methodologies and tools while staying up to date with the latest security developments in both traditional and emerging technology ecosystems.

Requirements

• Application Security Expertise: Extensive experience in software security, with a demonstrated ability to identify and mitigate application and system-level vulnerabilities in code.