[Remote] Security Engineer 1, Application Security
Note: This is a remote position open to candidates in the USA. Trail of Bits is a leading security firm founded by expert hackers aiming to address technology's most challenging risks. They are seeking a Security Engineer 1 to contribute to security assessments, identify vulnerabilities, and develop custom security tools while collaborating with senior engineers.
Responsibilities
- Lead security assessments for specific components, modules, or systems within larger client engagements. Identify vulnerabilities, trace root causes, and own your analysis from discovery through client delivery
- Find and validate real vulnerabilities in application code and systems. Explain exploitation paths, assess impact, and develop proof-of-concept code when needed. You'll do the work, not just assist
- Design and build security testing tools and automation for vulnerability detection. Own tool development from concept through deployment on client projects
- Conduct threat modeling and architecture reviews of software systems. Identify attack surfaces, data flows, and security boundaries. Propose concrete mitigations
- Translate technical findings into clear, actionable recommendations for engineering teams. Own client relationships for your component of the work
- Contribute to security research initiatives. Build tools, document findings, and stay on the cutting edge of vulnerability research and application security
Skills
- Demonstrable vulnerability research capability - Proven ability to find and validate real vulnerabilities. This means: CTF wins, published CVEs, bug bounty finds, or security research that shows you can actually discover exploitable issues
- Strong code analysis skills - You can read complex code, trace execution, identify logic flaws, and explain why something is exploitable. You understand the difference between a tool flagging something and it actually being a vulnerability
- Hands-on coding proficiency - Fluent in at least two of: Rust, Go, C, C++, Python, JavaScript, TypeScript, or similar. You write code for security analysis and tool development, not just consume it
- Memory safety understanding - You understand memory corruption vulnerabilities (buffer overflows, use-after-free, etc.) and modern mitigations (ASLR, DEP, CFI). You can reason about exploit primitives
- Systems knowledge - Deep familiarity with operating systems, IPC, privilege boundaries, and how applications interact with system internals. This isn't theoretical; you've worked with this stuff
- Autonomous problem-solving - You drive your own work. You own pieces of engagements. You ask good questions, debug issues, and reach conclusions without hand-holding
- Clear technical communication - You can explain complex security findings to engineers. Your reports get read because they're clear and actionable. You can defend your analysis
- Active CTF participation - Current or recent CTF team participation, CTF wins, or rankings. Shows you can solve hard security problems under pressure
- Published vulnerability research - CVEs, bug bounties, responsible disclosures, or security writeups. Shows you've found real issues and validated them
- Open source security contributions - Tools, libraries, or research contributions to open source projects. Shows you can ship security work
- Mobile security experience - Android, iOS, or macOS internals. Binary analysis on mobile platforms
- Published technical writing - Blog posts, security research writeups, conference talks, or technical documentation
- Cloud security experience - AWS, GCP, or Azure security assessment and architecture review
- Kernel or low-level development - Experience with kernel code, drivers, or system-level programming
Benefits
- Competitive salary complemented by performance-based bonuses
- Fully company-paid insurance packages, including health, dental, vision, disability, and life
- A solid 401(k) plan with a 5% match of your base salary
- 20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations
- 4 months of parental leave to cherish the arrival of new family members
- If you are interested in moving to NYC, we offer $10,000 in relocation assistance to support your transition
- $1,000 Working-from-Home stipend to create a comfortable and productive home office
- Annual $750 Learning & Development stipend for continuous personal and professional growth
- Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements
- Philanthropic contribution matching up to $2,000 annually
Company Overview