Security Engineer, Application Security
$100k - $160kTrail of Bits
About Trail of Bits: Trail of Bits (trailofbits.com) is an elite, globally recognized cybersecurity innovator, vulnerability research architect, and software defense provider operating on an absolute mission to protect, automate, and systematically harden high-stakes digital infrastructures. Founded in 2012 by expert security specialists with zero outside capital investment, our high-impact engineering culture combines cutting-edge offensive research with practical testing tooling to protect the world most targeted networks, cryptographic protocols, and embedded devices. Trail of Bits operates under a strict transparency philosophy, sharing deep internal security intelligence with the public through comprehensive research whitepapers, open-source auditing utilities, and global developer tool contributions. Trail of Bits equips technical security experts with an uncompromised software canvas to eliminate memory safety corruption bugs, research low-level platform internals, and deploy category-defining testing automations globally.
Position Overview
We are seeking a highly analytical, connection-obsessed, and systems-minded Security Engineer 1 to join our fast-growing Software Assurance group under an uncompromised full-time individual remote engagement framework based anywhere inside the United States. Operating at the direct intersection of production-grade codebase debugging, custom automated engineering, and offensive vulnerability discovery, you will step up to claim true individual operational and strategic accountability over evaluating complex client application stacks. Shifting completely away from routine passive spreadsheet template logging, basic non-technical policy checkbox checking, minor asset tracking, or slow coordinating loops, you will run an active reverse engineering, source-code auditing, and architectural boundary analysis laboratory—partnering face-to-face with senior assurance leads, open-source engineers, and external software development groups. This position requires an early-career technical specialist or a transitioning software developer with 0-2 years of closing depth who maps out system risks fluidly natively using Cybersecurity methodologies, evaluates complex backend topologies cleanly natively leveraging memory-corruption mitigation parameters, and commands rigorous software threat-modeling cycles confidently under high-stakes client engagement environments.
Key Responsibilities
- Client Security Assessment Ownership: Take absolute structural ownership over identifying vulnerabilities, tracing deep architectural failures, and driving security assessments across specific sub-modules within larger scale enterprise software ecosystems.
- Offensive Vulnerability Analysis: Review, audit, and validate critical logical and structural vulnerabilities inside client application codebases, mapping out exploit vectors and compiling functional proof-of-concept components cleanly natively utilizing Cybersecurity parameters.
- Custom Testing Automation Engineering: Design, develop, and deploy specialized security testing frameworks, static analyzers, and fuzzing automation scripts to accelerate deep bug detection on client codebases.
- Architecture Review and Threat Modeling: Conduct advanced code threat modeling and surface evaluations to trace application data flows, establish secure multi-tenant privilege boundaries, and propose definitive mitigation patches.
- Clear Engineering Communication: Translate complex exploitation primitives and high-severity findings into scannable, actionable recommendations, taking ownership of technical relationships with engineering stakeholders.
- Open Security Research Innovation: Contribute to foundational internal and public research streams, drafting detailed documentation and developing open-source auditing libraries to stay at the vanguard of modern application safety.
Required Skills & Qualifications
- Proven history demonstrating practical vulnerability research talent, backed by a verifiable track record of identifying real bugs (e.g., public CVE registries, bug bounty disclosures, or competitive CTF team placements).
- Expert-tier capability reading complex source arrays, tracing runtime memory changes, and analyzing raw execution logic fluently natively utilizing Cybersecurity principles.
- Hands-on system programming fluency writing, debugging, or analyzing software across at least two major programming languages (such as Rust, Go, C, C++, Python, or TypeScript).
- Solid understanding of lower-level memory safety mechanics, including clear conceptual literacy regarding buffer overflows, use-after-free anomalies, ASLR, DEP, and Control Flow Integrity (CFI).
- Strong operating systems familiarity, understanding process-to-process communication configurations, privilege separation modules, and kernel-space interaction vectors.
- Highly autonomous, self-sufficient problem-solving habits enabling you to execute granular codebase research steps and reach sound conclusions without constant managerial hand-holding.
- Location Context: Position open to qualified application security professionals located and resident permanently within the United States to execute a highly autonomous, work-from-home remote track.
Preferred Strategic Indicators (Nice to Have)
- Active, current participation or historic ranking achievements inside elite international Capture the Flag (CTF) security hacking teams.
- Prior history contributing to public open-source software security repositories, building security libraries, or delivering technical conference presentations.
- Direct binary analysis or vulnerability assessment history covering mobile platform internals (iOS, Android, or macOS internals).
- Familiarity evaluating enterprise cloud platform security parameters across AWS, Azure, or GCP infrastructure architecture landscapes.
What We Offer
- Vetted, World-Class Security Engineering Blueprint: A highly competitive, full-time baseline corporate salary package calibrated precisely against your technical depth, structured transparently between $100,000 and $160,000 USD per year , supplemented by annual performance-based bonuses.
- The spectacular professional architecture to claim absolute strategic ownership over high-stakes assessment modules for elite global tech clients.
- Profound work-from-home remote parameters offering a 100% remote virtual environment, complete personal schedule execution freedom, and $1,000 home-office hardware stipends.
- Comprehensive health wellness layers, including 100% company-covered medical, dental, vision, life, and disability insurance structures alongside 4 months of fully paid parental leave.
- Robust wealth protection models, including an established company 401(k) retirement plan offering a 5% organizational base salary match.
- Continuous technical career enrichment through a dedicated $750 yearly learning allocation and completely sponsored global team-building summits including travel.
- Role Description Fragomen is seeking a Security Engineer – Application Security to join our talented Cyber Security team in our Technology Innovation Lab in Pittsburgh. Our industry-leading, immigration specific software and supporting infrastructure is undergoing tremendous...ApplicationFull timeLocal area
$190.8k - $267.1k
Role Description Reddit is hiring a Senior Security Engineer, AI Security to help teams build and ship AI-powered products securely. This... ...Qualifications ~5+ years of experience in product security, application security, software security, security engineering, backend...ApplicationFull time$104k - $156k
...Posting Type Remote/Hybrid Job Overview The Advanced Security Engineer is a technically deep, hands-on practitioner who forms the... ...Requirements Layered Defense/Defense in Depth As applicable, design, deploy and optimize security controls that span...ApplicationRemote work- ...Security Engineer, Application Security Security is at the foundation of OpenAI's mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI's technology, people, and products. We are technical in what we build...ApplicationWork at officeRemote workRelocation package
- Senior Security Engineer, Security Operations - Responsible for automating the entire security operations lifecycle with AI and advanced detection... ...ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to...ApplicationFull timeRemote workFlexible hours
$165k - $242k
...at What You'll Do: The Enterprise Security team at CoreWeave is responsible for securing... ..., contractors, and critical business applications protected in a modern, cloud-native... ...About the Role: As a Senior Security Engineer, Enterprise Security , you'll design...ApplicationPermanent employmentTemporary workFor contractorsCasual workWork at officeRemote workFlexible hours$85k - $105k
...Commercial Electronic Security Systems Field Engineer We are seeking an experienced commercial Electronic Security Systems Field Engineer to... ...opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard...ApplicationFor subcontractorWork at officeLocal areaRemote workWorldwide- ...development of software and/or hardware security. Support the security of SRS... ...Job Title: Associate Computer Security Engineer Seeking a motivated and detail-oriented... ...activities, and working directly with FedRAMP applications. This role is ideal for candidates who...ApplicationLocal areaRemote workRelocation
- ...The Role: At General Motors, our Cyber Security organization protects the company's... ...Within Security Enablement, we partner with application teams to integrate enterprise... ...We are seeking a Senior Cyber Security Engineer to lead security enablement and automation...ApplicationLocal areaWork from homeRelocation package
- Role Description DMI is seeking a Web Developer Security Engineer to embed security throughout the software development lifecycle for a... ...role, you will identify and remediate vulnerabilities in web applications and APIs, integrate security controls into application...ApplicationFull timeRemote work
$175k - $245k
...it’s what we show up for every day. AI is changing what application security can accomplish. We’re not just securing AI; we’re using it as... ...of customers globally. We’re looking for a Senior Security Engineer II to join our Application Security team who can do both: bring...ApplicationRemote jobFull timeTemporary workWork at officeLocal areaFlexible hours$104k - $156k
...Posting Type Remote/Hybrid Job Overview The Advanced Security Engineer is a technically deep, hands-on practitioner who forms the... ...and Requirements Layered Defense/Defense in Depth As applicable, design, deploy and optimize security controls that span...ApplicationFull timeRemote work- ...improve operational efficiency, reduce security and compliance risk, and accelerate digital... ...of this role As a Senior Security Engineer on GitLab’s Security Incident Response Team... ...and allow our recruiters to assess your application. Country Hiring Guidelines: GitLab...ApplicationRemote jobFull time
$100k - $160k
...Trail of Bits is the premier place for security experts to boldly advance security and... ...attackers. Our research-based and custom-engineering approach ensures that our client’s... ...identifying vulnerabilities across the application and system level. You'll own pieces of...ApplicationRemote jobFull timeContract workWork from homeHome officeRelocation package$100k - $200k
...Trail of Bits is the premier place for security experts to boldly advance security and... ...attackers. Our research-based and custom-engineering approach ensures that our client’s... ...Trail of Bits seeks a Security Engineer, Application Security within our growing Software Assurance...ApplicationRemote jobFull timeContract workWork from homeHome officeRelocation package$8,020 per month
...Giannoulias Job Title: Information Systems Advisor II – Security Engineering Division: Information Security Union: IFT... ...with experience. Benefits: Attention: Applicants must be authorized to work in the United States; the Office...ApplicationWork at officeRemote work$190k - $243k
...Founded in 2017, Obsidian Security was created to close a critical gap: securing the SaaS applications where modern business happens—platforms like Microsoft 365, Salesforce... ...Overview: We’re looking for a Staff Security Engineer to join our team and help drive our corporate...ApplicationWork from homeFlexible hours$165k - $215k
...us create it. Who you are Metropolis is seeking a Senior Security Engineer to establish and lead a dedicated infrastructure and network... ...by a number of variables, including, as appropriate, the applicant's qualifications for the position, years of relevant experience...ApplicationTemporary workWork at officeLocal areaRemote work$210k - $230k
...process. About the Role: We're looking for a Senior Staff Security Engineer to lead Gusto's edge and network security strategy, owning... ...gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Gusto considers qualified...ApplicationFull timeWork at officeLocal areaRemote work2 days per week3 days per week- TWO Information Systems Security Engineer (ISSE) - CYBER SECURITY - in Marlborough, MA CISSP, Cybersecurity Engineer, Information Security... ...computer hardware and software S/W operating system and application solutions in both a stand-alone and in LAN/WAN configurations...ApplicationPermanent employmentFull timeContract workRemote workFlexible hours
- ...Principal Cyber Systems Engineer - Network Security Engineer III (26-212) At Northrop Grumman, our employees have incredible opportunities... ...clearance and IAT or relevant certifications on your resume, if applicable. A Bachelor's Degree in STEM Computer Engineering,...ApplicationContract workWork experience placementRemote workRelocation packageFlexible hoursShift workNight shift
$70k - $100k
...Japanese Bilingual Mid–Senior Network / Security Engineer Client: Japanese IT Company Working Location: New York, NY 10022 Working Style: Hybrid (2–3 days/week onsite) Employment Type: Full-time Salary: $70,000 – $100,000 (DOE) Benefit: Standard benefits...Full timeFor subcontractorRemote workVisa sponsorshipWeekend work2 days per week3 days per week$164.38k - $212.75k
...Information Assurance, Information System Security, Risk Assessments Certifications:... ...opportunity as a Cybersecurity Systems Engineer/Information Systems Security Engineer (ISSE... ...modernization, AI/ML, Cloud, Cyber and application development. Together with our clients,...ApplicationFull timeTemporary workPart timeFor contractorsInterim roleSummer workImmediate startRemote workWorldwideRelocationFlexible hours- Deutschland/Remote| Full-Time Als IT Security Consultant / Engineer Network Security bist du unser Experte für sichere IT-Infrastrukturen. Du entwickelst, implementierst und optimierst Netzwerksicherheitslösungen für unsere Kunden und sorgst dafür, dass Unternehmen gegen...Full timeRemote work
- ...IAM Security Engineer Client: BSNF Location: Dallas, TX Duration: 24 Months The first 2-3 weeks will be 100% on site with team... ...Policies, Aggregation Jobs, Roles, Certification Campaigns and Application Integration. Experience working in DevOps environment,...ApplicationWork experience placementWork at officeRemote work
- ...The team's mission is to accelerate the secure evolution of agentic AI systems at OpenAI... .... About the Role As a Security Engineer on the Agent Security Team , you will be... ..., genetic information, or other applicable legally protected characteristic....Remote work
- A tech consulting firm is looking for a Sr. Infrastructure Security Engineer to develop and enhance security systems across AWS, GCP, and... ...skills and experience with Infrastructure as Code. The ideal applicant thrives in a fast-paced environment and has a mindset focused...Remote job
$170.6k - $390k
...world to grow your career in information security! The opportunity The Senior... ...partnering closely with infrastructure, cloud, application, and security operations teams.... ...team as a Senior Manager in Cybersecurity Engineering, where you will play a pivotal role in...ApplicationSummer holidayRemote workFlexible hours- ...Principal Security Engineer Security is at the foundation of OpenAI's mission to ensure that artificial general intelligence benefits... ..., veteran status, disability, genetic information, or other applicable legally protected characteristic. At OpenAI, we believe artificial...Remote work
- ...opportunity below and apply today! We are seeking a Senior Cybersecurity Engineer to lead the design, implementation, and support of enterprise web application and network security solutions. This role will be responsible for securing internet-facing...ApplicationRemote work
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Security Engineer, Application Security. Be the first to apply!
- IT security engineer Remote
- sr security engineer Remote
- information technology security engineer Remote
- endpoint security engineer Remote
- application security engineer Remote
- staff security engineer Remote
- senior application security engineer Remote
- dlp security engineer Remote
- security engineering manager Remote
- aws cloud security engineer Remote





