Trail of Bits

Trail of Bits is a leading company specializing in computer and network security. Since 2012, they have been helping secure the world's most targeted organizations and products by combining high-end security research with a real-world attacker mentalit...

Internet Software & Services
51-250
Founded 2012

Description

  • Conduct comprehensive low-level code security assessments of client software, including system services, access control implementations, IPC, and platform security controls.
  • Identify vulnerabilities in application code and system-level components, and develop practical mitigation strategies.
  • Perform manual code reviews to uncover issues that automated tools miss and explain exploitability and impact.
  • Use static and dynamic analysis as part of deeper security reviews and extend these tools where needed.
  • Perform binary analysis and reverse engineering of compiled software.
  • Review architecture and threat model complex software systems and cloud environments, including data flows, authentication, API security, and cloud configurations.
  • Design and implement custom security tools for automated vulnerability detection and security testing.
  • Work directly with client engineering and security teams to provide findings, recommendations, and remediation guidance.
  • Collaborate with Trail of Bits research and engineering teams on advanced security research and tool development.

Requirements

  • Direct experience conducting low-level application security assessments of complex software.
  • Hands-on manual code review experience finding vulnerabilities that automated tools miss.
  • Experience using static and dynamic analysis tools, including understanding their limitations.
  • Experience performing binary analysis and reverse engineering using disassemblers and decompilers.
  • Demonstrated experience identifying memory corruption vulnerabilities and reasoning about modern mitigations.
  • Deep experience with system internals, IPC, access control implementations, and platform security boundaries.
  • Experience performing architecture reviews and threat modeling for software systems and cloud environments.
  • Experience designing and building custom security tools for automated vulnerability detection.
  • Hands-on programming experience in two or more of Rust, Golang, Kotlin, Swift, Objective-C, JavaScript, TypeScript, Python, Ruby, C, or C++.
  • Experience communicating complex security findings and actionable recommendations to technical stakeholders.
  • Experience with Android, iOS, or macOS system internals (preferred).
  • Experience contributing to open source security tools, libraries, or research (preferred).
  • Experience publishing original vulnerability research, CVEs, or technical writeups (preferred).
  • Experience speaking at security conferences such as DEF CON, Black Hat, BSides, OffensiveCon, or RECon (preferred).
  • Experience identifying security misconfigurations in cloud environments such as AWS, GCP, or Azure (preferred).
  • Experience collaborating on government-funded security research such as DARPA, IARPA, or ONR projects (preferred).

Benefits

  • Competitive salary of $100,000 to $200,000, plus potential bonuses.
  • Performance-based bonuses.
  • Fully company-paid health, dental, vision, disability, and life insurance.
  • 401(k) plan with a 5% company match.
  • 20 days of paid vacation, with flexibility for more where jurisdiction allows.
  • 4 months of parental leave.
  • $10,000 relocation assistance for employees moving to New York City.
  • $1,000 work-from-home stipend and a $750 annual learning and development stipend.
