Trail of Bits

Trail of Bits is a leading company specializing in computer and network security. Since 2012, they have been helping secure the world's most targeted organizations and products by combining high-end security research with a real-world attacker mentalit...

Internet Software & Services
51-250
Founded 2012

Description

  • Conduct comprehensive low-level code security assessments of client software, including system services, access control implementations, IPC, and platform security controls.
  • Identify vulnerabilities in application code and system-level components, and develop practical mitigation strategies.
  • Perform manual code reviews to uncover issues that automated tools miss and explain exploitability and impact.
  • Use static and dynamic analysis as part of deeper security reviews and extend these tools where needed.
  • Perform binary analysis and reverse engineering of compiled software.
  • Review architecture and threat model complex software systems and cloud environments, including data flows, authentication, API security, and cloud configurations.
  • Design and implement custom security tools for automated vulnerability detection and security testing.
  • Work directly with client engineering and security teams to provide findings, recommendations, and remediation guidance.
  • Collaborate with Trail of Bits research and engineering teams on advanced security research and tool development.

Requirements

  • Direct experience conducting low-level application security assessments of complex software.
  • Hands-on manual code review experience finding vulnerabilities that automated tools miss.
  • Experience using static and dynamic analysis tools, including understanding their limitations.
  • Experience performing binary analysis and reverse engineering using disassemblers and decompilers.
  • Demonstrated experience identifying memory corruption vulnerabilities and reasoning about modern mitigations.
  • Deep experience with system internals, IPC, access control implementations, and platform security boundaries.
  • Experience performing architecture reviews and threat modeling for software systems and cloud environments.
  • Experience designing and building custom security tools for automated vulnerability detection.
  • Hands-on programming experience in two or more of Rust, Golang, Kotlin, Swift, Objective-C, JavaScript, TypeScript, Python, Ruby, C, or C++.
  • Experience communicating complex security findings and actionable recommendations to technical stakeholders.
  • Experience with Android, iOS, or macOS system internals (preferred).
  • Experience contributing to open source security tools, libraries, or research (preferred).
  • Experience publishing original vulnerability research, CVEs, or technical writeups (preferred).
  • Experience speaking at security conferences such as DEF CON, Black Hat, BSides, OffensiveCon, or RECon (preferred).
  • Experience identifying security misconfigurations in cloud environments such as AWS, GCP, or Azure (preferred).
  • Experience collaborating on government-funded security research such as DARPA, IARPA, or ONR projects (preferred).

Benefits

  • Competitive salary of $100,000 to $200,000, plus potential bonuses.
  • Performance-based bonuses.
  • Fully company-paid health, dental, vision, disability, and life insurance.
  • 401(k) plan with a 5% company match.
  • 20 days of paid vacation, with flexibility for more where jurisdiction allows.
  • 4 months of parental leave.
  • $10,000 relocation assistance for employees moving to New York City.
  • $1,000 work-from-home stipend and a $750 annual learning and development stipend.
