Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Security Engineer, Application Security

$100k - $160k
Full-time

Trail of Bits

About Trail of Bits: Trail of Bits (trailofbits.com) is an elite, globally recognized cybersecurity innovator, vulnerability research architect, and software defense provider operating on an absolute mission to protect, automate, and systematically harden high-stakes digital infrastructures. Founded in 2012 by expert security specialists with zero outside capital investment, our high-impact engineering culture combines cutting-edge offensive research with practical testing tooling to protect the world most targeted networks, cryptographic protocols, and embedded devices. Trail of Bits operates under a strict transparency philosophy, sharing deep internal security intelligence with the public through comprehensive research whitepapers, open-source auditing utilities, and global developer tool contributions. Trail of Bits equips technical security experts with an uncompromised software canvas to eliminate memory safety corruption bugs, research low-level platform internals, and deploy category-defining testing automations globally.

Position Overview

We are seeking a highly analytical, connection-obsessed, and systems-minded Security Engineer 1 to join our fast-growing Software Assurance group under an uncompromised full-time individual remote engagement framework based anywhere inside the United States. Operating at the direct intersection of production-grade codebase debugging, custom automated engineering, and offensive vulnerability discovery, you will step up to claim true individual operational and strategic accountability over evaluating complex client application stacks. Shifting completely away from routine passive spreadsheet template logging, basic non-technical policy checkbox checking, minor asset tracking, or slow coordinating loops, you will run an active reverse engineering, source-code auditing, and architectural boundary analysis laboratory—partnering face-to-face with senior assurance leads, open-source engineers, and external software development groups. This position requires an early-career technical specialist or a transitioning software developer with 0-2 years of closing depth who maps out system risks fluidly natively using Cybersecurity methodologies, evaluates complex backend topologies cleanly natively leveraging memory-corruption mitigation parameters, and commands rigorous software threat-modeling cycles confidently under high-stakes client engagement environments.

Key Responsibilities

  • Client Security Assessment Ownership: Take absolute structural ownership over identifying vulnerabilities, tracing deep architectural failures, and driving security assessments across specific sub-modules within larger scale enterprise software ecosystems.
  • Offensive Vulnerability Analysis: Review, audit, and validate critical logical and structural vulnerabilities inside client application codebases, mapping out exploit vectors and compiling functional proof-of-concept components cleanly natively utilizing Cybersecurity parameters.
  • Custom Testing Automation Engineering: Design, develop, and deploy specialized security testing frameworks, static analyzers, and fuzzing automation scripts to accelerate deep bug detection on client codebases.
  • Architecture Review and Threat Modeling: Conduct advanced code threat modeling and surface evaluations to trace application data flows, establish secure multi-tenant privilege boundaries, and propose definitive mitigation patches.
  • Clear Engineering Communication: Translate complex exploitation primitives and high-severity findings into scannable, actionable recommendations, taking ownership of technical relationships with engineering stakeholders.
  • Open Security Research Innovation: Contribute to foundational internal and public research streams, drafting detailed documentation and developing open-source auditing libraries to stay at the vanguard of modern application safety.

Required Skills & Qualifications

  • Proven history demonstrating practical vulnerability research talent, backed by a verifiable track record of identifying real bugs (e.g., public CVE registries, bug bounty disclosures, or competitive CTF team placements).
  • Expert-tier capability reading complex source arrays, tracing runtime memory changes, and analyzing raw execution logic fluently natively utilizing Cybersecurity principles.
  • Hands-on system programming fluency writing, debugging, or analyzing software across at least two major programming languages (such as Rust, Go, C, C++, Python, or TypeScript).
  • Solid understanding of lower-level memory safety mechanics, including clear conceptual literacy regarding buffer overflows, use-after-free anomalies, ASLR, DEP, and Control Flow Integrity (CFI).
  • Strong operating systems familiarity, understanding process-to-process communication configurations, privilege separation modules, and kernel-space interaction vectors.
  • Highly autonomous, self-sufficient problem-solving habits enabling you to execute granular codebase research steps and reach sound conclusions without constant managerial hand-holding.
  • Location Context: Position open to qualified application security professionals located and resident permanently within the United States to execute a highly autonomous, work-from-home remote track.

Preferred Strategic Indicators (Nice to Have)

  • Active, current participation or historic ranking achievements inside elite international Capture the Flag (CTF) security hacking teams.
  • Prior history contributing to public open-source software security repositories, building security libraries, or delivering technical conference presentations.
  • Direct binary analysis or vulnerability assessment history covering mobile platform internals (iOS, Android, or macOS internals).
  • Familiarity evaluating enterprise cloud platform security parameters across AWS, Azure, or GCP infrastructure architecture landscapes.

What We Offer

  • Vetted, World-Class Security Engineering Blueprint: A highly competitive, full-time baseline corporate salary package calibrated precisely against your technical depth, structured transparently between $100,000 and $160,000 USD per year , supplemented by annual performance-based bonuses.
  • The spectacular professional architecture to claim absolute strategic ownership over high-stakes assessment modules for elite global tech clients.
  • Profound work-from-home remote parameters offering a 100% remote virtual environment, complete personal schedule execution freedom, and $1,000 home-office hardware stipends.
  • Comprehensive health wellness layers, including 100% company-covered medical, dental, vision, life, and disability insurance structures alongside 4 months of fully paid parental leave.
  • Robust wealth protection models, including an established company 401(k) retirement plan offering a 5% organizational base salary match.
  • Continuous technical career enrichment through a dedicated $750 yearly learning allocation and completely sponsored global team-building summits including travel.
Vacancy posted 8 days ago
Similar jobs that could be interesting for youBased on the Security Engineer, Application Security in Remote vacancy
  • Role Description Fragomen is seeking a Security Engineer – Application Security to join our talented Cyber Security team in our Technology Innovation Lab in Pittsburgh. Our industry-leading, immigration specific software and supporting infrastructure is undergoing tremendous... 
    Application
    Full time
    Local area

    Fragomen

    Remote
    6 days ago
  • $190.8k - $267.1k

    Role Description Reddit is hiring a Senior Security Engineer, AI Security to help teams build and ship AI-powered products securely. This...  ...Qualifications ~5+ years of experience in product security, application security, software security, security engineering, backend... 
    Application
    Full time

    Reddit

    Remote
    7 days ago
  • $104k - $156k

     ...Posting Type Remote/Hybrid Job Overview The Advanced Security Engineer is a technically deep, hands-on practitioner who forms the...  ...Requirements Layered Defense/Defense in Depth As applicable, design, deploy and optimize security controls that span... 
    Application
    Remote work

    Relativity

    New York, NY
    3 days ago
  •  ...Security Engineer, Application Security Security is at the foundation of OpenAI's mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI's technology, people, and products. We are technical in what we build... 
    Application
    Work at office
    Remote work
    Relocation package

    OpenAI

    San Francisco, CA
    3 days ago
  • Senior Security Engineer, Security Operations - Responsible for automating the entire security operations lifecycle with AI and advanced detection...  ...ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to... 
    Application
    Full time
    Remote work
    Flexible hours

    ServiceNow

    Mountain View, CA
    1 day ago
  • $165k - $242k

     ...at What You'll Do: The Enterprise Security team at CoreWeave is responsible for securing...  ..., contractors, and critical business applications protected in a modern, cloud-native...  ...About the Role: As a Senior Security Engineer, Enterprise Security , you'll design... 
    Application
    Permanent employment
    Temporary work
    For contractors
    Casual work
    Work at office
    Remote work
    Flexible hours

    CoreWeave

    Sunnyvale, CA
    25 days ago
  • $85k - $105k

     ...Commercial Electronic Security Systems Field Engineer We are seeking an experienced commercial Electronic Security Systems Field Engineer to...  ...opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard... 
    Application
    For subcontractor
    Work at office
    Local area
    Remote work
    Worldwide

    Johnson Controls International Plc

    United States
    5 days ago
  •  ...development of software and/or hardware security. Support the security of SRS...  ...Job Title: Associate Computer Security Engineer  Seeking a motivated and detail-oriented...  ...activities, and working directly with FedRAMP applications. This role is ideal for candidates who... 
    Application
    Local area
    Remote work
    Relocation

    United Global Technologies

    Aiken, SC
    4 days ago
  •  ...The Role: At General Motors, our Cyber Security organization protects the company's...  ...Within Security Enablement, we partner with application teams to integrate enterprise...  ...We are seeking a Senior Cyber Security Engineer to lead security enablement and automation... 
    Application
    Local area
    Work from home
    Relocation package

    General Motors

    Austin, TX
    2 days ago
  • Role Description DMI is seeking a Web Developer Security Engineer to embed security throughout the software development lifecycle for a...  ...role, you will identify and remediate vulnerabilities in web applications and APIs, integrate security controls into application... 
    Application
    Full time
    Remote work

    DMI

    Remote
    2 days ago
  • $175k - $245k

     ...it’s what we show up for every day. AI is changing what application security can accomplish. We’re not just securing AI; we’re using it as...  ...of customers globally. We’re looking for a Senior Security Engineer II to join our Application Security team who can do both: bring... 
    Application
    Remote job
    Full time
    Temporary work
    Work at office
    Local area
    Flexible hours

    Smartsheet

    Remote
    20 days ago
  • $104k - $156k

     ...Posting Type Remote/Hybrid Job Overview The Advanced Security Engineer is a technically deep, hands-on practitioner who forms the...  ...and Requirements Layered Defense/Defense in Depth As applicable, design, deploy and optimize security controls that span... 
    Application
    Full time
    Remote work

    Relativity

    Illinois
    1 day ago
  •  ...improve operational efficiency, reduce security and compliance risk, and accelerate digital...  ...of this role As a Senior Security Engineer on GitLab’s Security Incident Response Team...  ...and allow our recruiters to assess your application. Country Hiring Guidelines: GitLab... 
    Application
    Remote job
    Full time

    GitLab

    Remote
    2 days ago
  • $100k - $160k

     ...Trail of Bits is the premier place for security experts to boldly advance security and...  ...attackers. Our research-based and custom-engineering approach ensures that our client’s...  ...identifying vulnerabilities across the application and system level. You'll own pieces of... 
    Application
    Remote job
    Full time
    Contract work
    Work from home
    Home office
    Relocation package

    Trail of Bits

    United States
    24 days ago
  • $100k - $200k

     ...Trail of Bits is the premier place for security experts to boldly advance security and...  ...attackers. Our research-based and custom-engineering approach ensures that our client’s...  ...Trail of Bits seeks a Security Engineer, Application Security within our growing Software Assurance... 
    Application
    Remote job
    Full time
    Contract work
    Work from home
    Home office
    Relocation package

    Trail of Bits

    United States
    a month ago
  • $8,020 per month

     ...Giannoulias Job Title:        Information Systems Advisor II – Security Engineering Division: Information Security Union:            IFT...  ...with experience. Benefits: Attention:      Applicants must be authorized to work in the United States; the Office... 
    Application
    Work at office
    Remote work

    Illinois Secretary of State

    Springfield, IL
    16 days ago
  • $190k - $243k

     ...Founded in 2017, Obsidian Security was created to close a critical gap: securing the SaaS applications where modern business happens—platforms like Microsoft 365, Salesforce...  ...Overview: We’re looking for a Staff Security Engineer to join our team and help drive our corporate... 
    Application
    Work from home
    Flexible hours

    Obsidian Security

    Palo Alto, CA
    more than 2 months ago
  • $165k - $215k

     ...us create it. Who you are Metropolis is seeking a Senior Security Engineer to establish and lead a dedicated infrastructure and network...  ...by a number of variables, including, as appropriate, the applicant's qualifications for the position, years of relevant experience... 
    Application
    Temporary work
    Work at office
    Local area
    Remote work

    Metropolis

    New York, NY
    2 days ago
  • $210k - $230k

     ...process. About the Role: We're looking for a Senior Staff Security Engineer to lead Gusto's edge and network security strategy, owning...  ...gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Gusto considers qualified... 
    Application
    Full time
    Work at office
    Local area
    Remote work
    2 days per week
    3 days per week

    gusto

    San Francisco, CA
    more than 2 months ago
  • TWO Information Systems Security Engineer (ISSE) - CYBER SECURITY - in Marlborough, MA CISSP, Cybersecurity Engineer, Information Security...  ...computer hardware and software S/W operating system and application solutions in both a stand-alone and in LAN/WAN configurations... 
    Application
    Permanent employment
    Full time
    Contract work
    Remote work
    Flexible hours

    DBA Web Technologies

    Marlborough, MA
    more than 2 months ago
  •  ...Principal Cyber Systems Engineer - Network Security Engineer III (26-212) At Northrop Grumman, our employees have incredible opportunities...  ...clearance and IAT or relevant certifications on your resume, if applicable. A Bachelor's Degree in STEM Computer Engineering,... 
    Application
    Contract work
    Work experience placement
    Remote work
    Relocation package
    Flexible hours
    Shift work
    Night shift

    Navstar

    Colorado Springs, CO
    5 days ago
  • $70k - $100k

     ...Japanese Bilingual Mid–Senior Network / Security Engineer Client: Japanese IT Company Working Location: New York, NY 10022 Working Style: Hybrid (2–3 days/week onsite) Employment Type: Full-time Salary: $70,000 – $100,000 (DOE) Benefit: Standard benefits... 
    Full time
    For subcontractor
    Remote work
    Visa sponsorship
    Weekend work
    2 days per week
    3 days per week

    Cinter LLC

    New York, NY
    5 days ago
  • $164.38k - $212.75k

     ...Information Assurance, Information System Security, Risk Assessments Certifications:...  ...opportunity as a Cybersecurity Systems Engineer/Information Systems Security Engineer (ISSE...  ...modernization, AI/ML, Cloud, Cyber and application development. Together with our clients,... 
    Application
    Full time
    Temporary work
    Part time
    For contractors
    Interim role
    Summer work
    Immediate start
    Remote work
    Worldwide
    Relocation
    Flexible hours

    GDIT

    Washington DC
    a month ago
  • Deutschland/Remote| Full-Time Als IT Security Consultant / Engineer Network Security bist du unser Experte für sichere IT-Infrastrukturen. Du entwickelst, implementierst und optimierst Netzwerksicherheitslösungen für unsere Kunden und sorgst dafür, dass Unternehmen gegen... 
    Full time
    Remote work

    protectONE HQ

    New Bremen, OH
    4 days ago
  •  ...IAM Security Engineer Client: BSNF Location: Dallas, TX Duration: 24 Months The first 2-3 weeks will be 100% on site with team...  ...Policies, Aggregation Jobs, Roles, Certification Campaigns and Application Integration. Experience working in DevOps environment,... 
    Application
    Work experience placement
    Work at office
    Remote work

    Staffing the Universe

    United States
    3 days ago
  •  ...The team's mission is to accelerate the secure evolution of agentic AI systems at OpenAI...  .... About the Role As a Security Engineer on the Agent Security Team , you will be...  ..., genetic information, or other applicable legally protected characteristic.... 
    Remote work

    OpenAI

    United States
    4 days ago
  • A tech consulting firm is looking for a Sr. Infrastructure Security Engineer to develop and enhance security systems across AWS, GCP, and...  ...skills and experience with Infrastructure as Code. The ideal applicant thrives in a fast-paced environment and has a mindset focused... 
    Remote job

    YO IT Consulting

    New York, NY
    1 day ago
  • $170.6k - $390k

     ...world to grow your career in information security! The opportunity The Senior...  ...partnering closely with infrastructure, cloud, application, and security operations teams....  ...team as a Senior Manager in Cybersecurity Engineering, where you will play a pivotal role in... 
    Application
    Summer holiday
    Remote work
    Flexible hours

    EY

    Austin, TX
    5 days ago
  •  ...Principal Security Engineer Security is at the foundation of OpenAI's mission to ensure that artificial general intelligence benefits...  ..., veteran status, disability, genetic information, or other applicable legally protected characteristic. At OpenAI, we believe artificial... 
    Remote work

    OpenAI

    United States
    1 day ago
  •  ...opportunity below and apply today! We are seeking a Senior Cybersecurity Engineer to lead the design, implementation, and support of enterprise web application and network security solutions. This role will be responsible for securing internet-facing... 
    Application
    Remote work

    Revel IT

    Columbus, OH
    7 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Security Engineer, Application Security. Be the first to apply!