Trail of Bits

Trail of Bits is a leading company specializing in computer and network security. Since 2012, they have been helping secure the world's most targeted organizations and products by combining high-end security research with a real-world attacker mentalit...

Internet Software & Services
51-250
Founded 2012

Description

  • Conduct comprehensive low-level code security assessments of client software, including system services, access control implementations, IPC, and platform security controls.
  • Identify vulnerabilities in application code and system-level components, and develop practical mitigation strategies.
  • Perform manual code reviews to uncover issues that automated tools miss and explain exploitability and impact.
  • Use static and dynamic analysis as part of deeper security reviews and extend these tools where needed.
  • Perform binary analysis and reverse engineering of compiled software.
  • Review architecture and threat model complex software systems and cloud environments, including data flows, authentication, API security, and cloud configurations.
  • Design and implement custom security tools for automated vulnerability detection and security testing.
  • Work directly with client engineering and security teams to provide findings, recommendations, and remediation guidance.
  • Collaborate with Trail of Bits research and engineering teams on advanced security research and tool development.

Requirements

  • Direct experience conducting low-level application security assessments of complex software.
  • Hands-on manual code review experience finding vulnerabilities that automated tools miss.
  • Experience using static and dynamic analysis tools, including understanding their limitations.
  • Experience performing binary analysis and reverse engineering using disassemblers and decompilers.
  • Demonstrated experience identifying memory corruption vulnerabilities and reasoning about modern mitigations.
  • Deep experience with system internals, IPC, access control implementations, and platform security boundaries.
  • Experience performing architecture reviews and threat modeling for software systems and cloud environments.
  • Experience designing and building custom security tools for automated vulnerability detection.
  • Hands-on programming experience in two or more of Rust, Golang, Kotlin, Swift, Objective-C, JavaScript, TypeScript, Python, Ruby, C, or C++.
  • Experience communicating complex security findings and actionable recommendations to technical stakeholders.
  • Experience with Android, iOS, or macOS system internals (preferred).
  • Experience contributing to open source security tools, libraries, or research (preferred).
  • Experience publishing original vulnerability research, CVEs, or technical writeups (preferred).
  • Experience speaking at security conferences such as DEF CON, Black Hat, BSides, OffensiveCon, or RECon (preferred).
  • Experience identifying security misconfigurations in cloud environments such as AWS, GCP, or Azure (preferred).
  • Experience collaborating on government-funded security research such as DARPA, IARPA, or ONR projects (preferred).

Benefits

  • Competitive salary of $100,000 to $200,000, plus potential bonuses.
  • Performance-based bonuses.
  • Fully company-paid health, dental, vision, disability, and life insurance.
  • 401(k) plan with a 5% company match.
  • 20 days of paid vacation, with flexibility for more where jurisdiction allows.
  • 4 months of parental leave.
  • $10,000 relocation assistance for employees moving to New York City.
  • $1,000 work-from-home stipend and a $750 annual learning and development stipend.
