Principal Security Engineer, Application Security

October 22

Trail of Bits

Cybersecurity • SaaS • Blockchain

Trail of Bits is a company that specializes in software security and assurance. Established in 2012, it has assisted some of the most targeted organizations worldwide in securing their systems. Trail of Bits combines advanced security research with a practical attacker mindset to reduce risk and strengthen software code. The company offers services in software assurance, security engineering, and research and development, focusing on areas such as blockchain, cryptography, and mobile device security. They also provide expert training courses to enhance understanding of various security aspects like penetration testing and threat modeling.

51 - 200 employees

Founded 2012

🔒 Cybersecurity

☁️ SaaS

📋 Description

• Drive comprehensive security assessments and mentor team members.
• Lead threat modeling exercises and perform deep code analysis across modern and legacy codebases.
• Provide technical leadership across the Application Security team and develop methodologies.
• Work with C-level executives and engineering leaders at strategic clients, translating security findings into business impact.
• Collaborate with research to secure funding for advanced security research and contribute to publications.

🎯 Requirements

• 8+ years of experience in application security with demonstrated mastery across web, mobile, cloud, and system-level security domains, including extensive experience identifying and mitigating sophisticated vulnerabilities in enterprise and security-critical software.
• Demonstrated interest and experience in leveraging AI for security workflows, whether through custom tooling, LLM-assisted code review, or automated vulnerability detection, with an understanding of both the opportunities and limitations of AI in security.
• Proven track record of leading complex security engagements, mentoring engineers, and driving projects to successful completion while maintaining deep technical involvement and high-quality deliverables.
• Extensive experience conducting comprehensive security assessments, including penetration testing, code review, architecture analysis, and threat modeling across diverse technology ecosystems with a track record of discovering critical vulnerabilities.
• Strong foundation in system internals, memory corruption vulnerabilities, binary analysis, and reverse engineering with the ability to move fluidly between application-layer and system-level security concerns.
• Expert-level proficiency in manual code review across JavaScript/TypeScript, Python, Go, and additional languages such as Rust, C/C++, Java/Kotlin, Swift/Objective-C, with deep understanding of language-specific security pitfalls and secure coding patterns.
• Hands-on experience with static and dynamic analysis tools, including customization, rule development, and integration into security assessment workflows, with ability to evaluate tool effectiveness and build custom solutions where needed.
• Proven ability to lead sophisticated threat modeling exercises for complex systems, applying frameworks like STRIDE, PASTA, or custom approaches while facilitating productive sessions with diverse stakeholder groups.
• Strong client-facing skills with ability to communicate complex technical findings to both technical and executive audiences, build lasting client relationships, and translate security research into business value.

🏖️ Benefits

• Competitive salary complemented by performance-based bonuses.
• Fully company-paid insurance packages, including health, dental, vision, disability, and life.
• A solid 401(k) plan with a 5% match of your base salary.
• 20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations.
• 4 months of parental leave to cherish the arrival of new family members.
• $10,000 in relocation assistance to support your transition if moving to NYC.
• $1,000 Working-from-Home stipend to create a comfortable and productive home office.
• Annual $750 Learning & Development stipend for continuous personal and professional growth.
• Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements.
• Philanthropic contribution matching up to $2,000 annually.
