Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Security Engineer, Application Security [Remote]

$100k - $200k
Full-time

Trail of Bits

United States
  • Remote job

Who We Are

Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and the public understanding of the technology underlying our world.

Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our client’s capabilities are at the forefront of what’s available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers.

Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they’ll understand why a company like ours is so unique and valuable.

Role

Trail of Bits seeks a Security Engineer, Application Security within our growing Software Assurance practice. You will conduct comprehensive security assessments of client software with a focus on low-level code analysis, examining system architecture, security boundaries, access controls, and platform security mechanisms.

On any given day, you might analyze vulnerabilities in application code, automate the detection of security misconfigurations in cloud environments, assess privilege escalation capabilities, or review security boundaries in complex systems. Working alongside other security engineers, you'll contribute to client projects while building impactful tools. In short, your work will land at the intersection of Vulnerability Research and Application Security.

In addition to working with leading technology companies in the private sector, you will have opportunities to collaborate with our Research & Engineering team to help secure funding from government agencies for advanced security research that bridges vulnerability research and application security, advancing the state of the art both within our team and industry at large.

Please note that only applications completed via our Careers page will be considered for further review.

What You’ll Achieve

  • Security Assessment: Conduct comprehensive low-level code security assessments across applications, examining vulnerabilities in system services, access control implementation, inter-process communication, and platform security controls while developing mitigation strategies.
  • Security Tool Development: Design and implement custom security tools for automated vulnerability detection, focusing on both application-specific and general security testing needs to bridge the gap between vulnerability research and application security.
  • Architecture Review: Perform detailed architecture reviews and threat modeling of complex software systems and cloud environments, identifying potential security weaknesses in areas such as data flows, authentication mechanisms, and API security while providing remediation guidance.
  • Client Engagement: Work directly with industry-leading teams to review their application infrastructure and architecture, helping secure their environments through deep technical analysis and recommendations.
  • Research & Innovation: Contribute to the advancement of application security, developing new methodologies and tools while staying up to date with the latest security developments in both traditional and emerging technology ecosystems.

What You’ll Bring

  • Application security assessment experience. Direct experience conducting low-level code security assessments of complex software, identifying and mitigating application and system-level vulnerabilities. You read the code, not just the scanner output.
  • Manual code review depth. Hands-on experience performing manual code reviews to find vulnerabilities that automated tools miss. You can explain why a bug is exploitable, not just that a tool flagged it.
  • Static and dynamic analysis fluency. Experience using static and dynamic analysis tools as part of a deeper review process, including knowledge of where these tools fall short and how to extend them.
  • Binary analysis and reverse engineering. Experience performing binary analysis and reverse engineering of compiled software. Comfortable with disassemblers, decompilers, and the surrounding tooling.
  • Memory corruption vulnerabilities and mitigations. Demonstrated experience identifying memory corruption vulnerabilities and reasoning about modern mitigations. You understand the exploit primitives, not just the CWE category.
  • System internals and security boundaries. Deep experience reasoning about system internals, IPC, access control implementations, and platform security boundaries in complex software.
  • Architecture review and threat modeling. Experience performing architecture reviews and threat modeling of software systems and cloud environments, identifying weaknesses in data flows, authentication, and API design and proposing realistic remediation.
  • Security tool development. Experience designing and building custom security tools for automated vulnerability detection. You bridge vulnerability research and application security by shipping tools, not just consuming vendor outputs.
  • Programming proficiency across multiple languages. Hands-on experience programming in two or more of Rust, Golang, Kotlin, Swift, Objective-C, JavaScript, TypeScript, Python, Ruby, C, or C++, used for both security analysis and tool development.
  • Communicating findings to technical stakeholders. Experience translating complex security findings into clear, actionable recommendations for engineering and security teams. Reports here get read by people who can push back.
Nice to Have
  • Experience with Android, iOS, or macOS system internals
  • Experience contributing to open source security tools, libraries, or research
  • Experience publishing original vulnerability research, CVEs, or technical writeups
  • Experience speaking at security conferences (DEF CON, Black Hat, BSides, OffensiveCon, RECon, etc.)
  • Experience identifying security misconfigurations in cloud environments (AWS, GCP, Azure)
  • Experience collaborating on government-funded security research (DARPA, IARPA, ONR, etc.)
The base salary for this full-time position ranges from $100,000 to $200,000 excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range. The presented salary range encompasses the starting salaries for all U.S. locations. For a precise salary estimate tailored to your preferred location, please discuss it with your recruiter during the hiring process.

Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program. [Learn more](

Only applications completed via our Careers page will be considered for further review. When you apply, you'll be added to our newsletter so you can stay updated on company news and opportunities. You can opt out anytime.

Benefits, Perks & Wellness

Trail of Bits is our people, not a place. With over 100+ employees working from every time zone across the globe, our remote-first culture is built on autonomy and trust (and backed by smile-worthy benefits) for full-time employees:

Empowered Living:
  • Competitive salary complemented by performance-based bonuses.
  • Fully company-paid insurance packages, including health, dental, vision, disability, and life.
  • A solid 401(k) plan with a 5% match of your base salary.
  • 20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations.
Nurturing New Beginnings:
  • 4 months of parental leave to cherish the arrival of new family members.
  • Our team is global and remote-first. However, if you are interested in moving to NYC, we offer $10,000 in relocation assistance to support your transition.
Work & Life Enrichment:
  • $1,000 Working-from-Home stipend to create a comfortable and productive home office.
  • Annual $750 Learning & Development stipend for continuous personal and professional growth.
  • Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements.
Community Impact:
  • Philanthropic contribution matching up to $2,000 annually.
Vacancy posted a month ago
Similar jobs that could be interesting for youBased on the Security Engineer, Application Security [Remote] in United States vacancy
  • Role Description Fragomen is seeking a Security Engineer – Application Security to join our talented Cyber Security team in our Technology Innovation Lab in Pittsburgh. Our industry-leading, immigration specific software and supporting infrastructure is undergoing tremendous... 
    Application
    Full time
    Local area

    Fragomen

    Remote
    6 days ago
  • $190.8k - $267.1k

    Role Description Reddit is hiring a Senior Security Engineer, AI Security to help teams build and ship AI-powered products securely. This...  ...Qualifications ~5+ years of experience in product security, application security, software security, security engineering, backend... 
    Application
    Full time

    Reddit

    Remote
    7 days ago
  • $104k - $156k

     ...Advanced Security Engineer The Advanced Security Engineer is a technically deep, hands-on practitioner who forms the operational backbone...  ...ecosystem. Layered Defense/Defense in Depth As applicable, design, deploy and optimize security controls that span perimeter... 
    Application

    Relativity

    Hartford, CT
    3 days ago
  •  ...Security Engineer - Application Security Locations: Charlotte NC, Chandler AZ, Westlake TX (Hybrid), (3 days onsite) Duration: 12+ Months Contract W2 Contract Only Required Qualifications: ~5+ years of Application Security Engineering experience, or equivalent... 
    Application
    Contract work
    Work experience placement

    Syntricate Technologies

    Chandler, AZ
    2 days ago
  •  ...About the Team Security is at the foundation of OpenAI's mission to ensure that artificial general intelligence benefits...  ...security culture. About the Role As a Security Engineer, Application Security you will be responsible for identifying and mitigating... 
    Application
    Work at office
    Remote work
    Relocation package

    OpenAI

    United States
    2 days ago
  •  ...Security Engineer This is where security meets innovation at enterprise scale. As a security engineer, applications at WRITER, you'll be building the security foundations that protect the AI systems powering some of the world's most recognizable brands. You'll work... 
    Application
    Full time
    Local area
    Flexible hours

    Writer.ly

    Seattle, WA
    5 days ago
  •  ...Senior Network Operations Center (NOC) Engineer (Tier 3) serves as the highest technical...  ...outages involving routing instability, security incidents, hardware failures, or cloud connectivity...  ...Access (ZPA), enabling secure user-to-application connectivity without traditional network... 
    Application
    Night shift

    Vanguard

    Charlotte, NC
    16 days ago
  • Senior Security Engineer, Security Operations - Responsible for automating the entire security operations lifecycle with AI and advanced detection...  ...ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to... 
    Application
    Full time
    Remote work
    Flexible hours

    ServiceNow

    Mountain View, CA
    1 day ago
  • $165k - $242k

     ...at What You'll Do: The Enterprise Security team at CoreWeave is responsible for securing...  ..., contractors, and critical business applications protected in a modern, cloud-native...  ...About the Role: As a Senior Security Engineer, Enterprise Security , you'll design... 
    Application
    Permanent employment
    Temporary work
    For contractors
    Casual work
    Work at office
    Remote work
    Flexible hours

    CoreWeave

    Sunnyvale, CA
    25 days ago
  •  ...technology solutions provider focused on Cyber Security, Hybrid Cloud, Global Network...  ...Managed Services. Our corporate culture, engineering talent, customer-centric approach, and...  ...network protocols, operating systems, application layer protocols, and security best practices... 
    Application
    Weekday work

    Thrive

    Tampa, FL
    24 days ago
  •  ...Job Profile Job Summary: The Information Security SOC Engineer is a hands-on cybersecurity professional responsible for engineering...  ...Harris Health System to provide equal opportunity for all applicants for employment regardless of political affiliation, race,... 
    Application
    Work at office

    Harris Health System

    Houston, TX
    2 days ago
  •  ...as a senior member of the Cybersecurity Engineering team responsible for designing, implementing, and optimizing enterprise security monitoring and automation capabilities. Led...  ...from cloud, network, endpoint, and application sources. Develop and maintain SIEM detection... 
    Application
    Work at office

    Red Lobster

    Orlando, FL
    3 days ago
  • $85k - $105k

     ...Commercial Electronic Security Systems Field Engineer We are seeking an experienced commercial Electronic Security Systems Field Engineer to...  ...opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard... 
    Application
    For subcontractor
    Work at office
    Local area
    Remote work
    Worldwide

    Johnson Controls International Plc

    United States
    5 days ago
  • Everforth ECS is seeking a Senior Security Operations Center Engineer - Security Tooling to work in the National Capital Region covering the Pentagon...  ...-volume log data from network, endpoint, cloud, and application sources. Engineers security orchestration and automation... 
    Application
    Contract work
    Local area

    ECS

    Fairfax, VA
    5 days ago
  • $91k - $185.9k

     ...contribute to the company's success. As a Security Specialist within PNC's Technology...  ...Denver, CO, Phoenix, AZ. As a Security Engineer on PNC's Cloud Security team, you will...  ...configurations, and architectures, for applications, platforms, and infrastructure o Assist... 
    Application
    Full time
    Temporary work
    Part time
    Work experience placement
    Work at office
    Shift work

    PNC

    Pittsburgh, PA
    5 days ago
  •  ...flexible technology solutions--including Application Modernization, Managed Hybrid Cloud,...  ...and deploying modern applications and the secure, scalable platforms on which they run, to...  ...all levels of employees, including senior engineers and managers. Experience with CI/CD... 
    Application
    Flexible hours

    CBTS

    Nashville, TN
    3 days ago
  • JPMorganChase is seeking a Senior Lead Software Security Engineer to enhance, build, and deliver trusted technology products securely, scalably...  ...deep technical expertise across multiple technologies and applications. The role emphasizes simple, elegant software solutions,... 
    Application

    JPMorgan Chase & Co.

    Plano, TX
    1 day ago
  • $175.2k - $262.8k

     ...we empower creators to own their own destiny. As a Lead Security Engineer on the Enterprise Security team, you'll play a central role...  ...and platforms that Klaviyo runs on — spanning critical SaaS applications, identity and access, endpoints, Zero Trust network... 
    Application
    Work at office

    Klaviyo

    Denver, CO
    27 days ago
  •  ...development of software and/or hardware security. Support the security of SRS...  ...Job Title: Associate Computer Security Engineer  Seeking a motivated and detail-oriented...  ...activities, and working directly with FedRAMP applications. This role is ideal for candidates who... 
    Application
    Local area
    Remote work
    Relocation

    United Global Technologies

    Aiken, SC
    4 days ago
  •  ...The Role: At General Motors, our Cyber Security organization protects the company's...  ...Within Security Enablement, we partner with application teams to integrate enterprise...  ...We are seeking a Senior Cyber Security Engineer to lead security enablement and automation... 
    Application
    Local area
    Work from home
    Relocation package

    General Motors

    Austin, TX
    2 days ago
  • $166k - $253k

     ...months, not years. ABOUT THE JOB We're seeking a Security Software Engineer to develop novel security tooling for securing embedded...  ...privacy policy, please visit [ By submitting your application, you consent to Anduril Industries using a third-party service... 
    Application
    Full time
    Work experience placement
    Immediate start

    Anduril Industries

    Seattle, WA
    2 hours ago
  • Role Description DMI is seeking a Web Developer Security Engineer to embed security throughout the software development lifecycle for a...  ...role, you will identify and remediate vulnerabilities in web applications and APIs, integrate security controls into application... 
    Application
    Full time
    Remote work

    DMI

    Remote
    2 days ago
  •  ...2026-07-15 Position Title: Information Security Advisor - Network Decryption Engineer Job Description: Location: Indianapolis IN,...  ...body of knowledge skill sets: 1) Access Control, 2) Application Security, 3) Business Continuity and Disaster Recovery... 
    Application
    Temporary work
    Work at office
    Local area
    Day shift
    2 days per week
    1 day per week

    Elevance Health

    Indianapolis, IN
    1 day ago
  • $174k - $239k

    Secure Every Identity, from AI to Human Identity is the key to unlocking the potential...  .... We are looking for a Staff Software Engineer that will join the Auth0 Security Engineering...  ...In addition, Okta offers equity (where applicable), bonus, and benefits, including health,... 
    Application
    Permanent employment
    Full time
    Local area
    Worldwide
    Flexible hours

    Okta

    Bellevue, WA
    5 days ago
  • $175k - $245k

     ...it’s what we show up for every day. AI is changing what application security can accomplish. We’re not just securing AI; we’re using it as...  ...of customers globally. We’re looking for a Senior Security Engineer II to join our Application Security team who can do both: bring... 
    Application
    Remote job
    Full time
    Temporary work
    Work at office
    Local area
    Flexible hours

    Smartsheet

    Remote
    20 days ago
  • $104k - $156k

     ...Posting Type Remote/Hybrid Job Overview The Advanced Security Engineer is a technically deep, hands-on practitioner who forms the...  ...and Requirements Layered Defense/Defense in Depth As applicable, design, deploy and optimize security controls that span... 
    Application
    Full time
    Remote work

    Relativity

    Illinois
    1 day ago
  •  ...improve operational efficiency, reduce security and compliance risk, and accelerate digital...  ...of this role As a Senior Security Engineer on GitLab’s Security Incident Response Team...  ...and allow our recruiters to assess your application. Country Hiring Guidelines: GitLab... 
    Application
    Remote job
    Full time

    GitLab

    Remote
    2 days ago
  •  ...truly BELIEVE in what they're doing! ‎  ‎  Job Description Securing an organization and its information systems requires a...  ...continuously reviews everything within the organization—including applications, infrastructure, and business processes—to identify potential... 
    Application

    Oklahoma Tourism and Recreation Department

    Green, OH
    more than 2 months ago
  • $100k - $160k

     ...infrastructures. Founded in 2012 by expert security specialists with zero outside capital investment, our high-impact engineering culture combines cutting-edge offensive...  ...accountability over evaluating complex client application stacks. Shifting completely away from... 
    Application
    Full time
    Remote work
    Work from home
    Home office
    Shift work

    Trail of Bits

    Remote
    9 days ago
  • $100k - $160k

     ...Trail of Bits is the premier place for security experts to boldly advance security and...  ...attackers. Our research-based and custom-engineering approach ensures that our client’s...  ...identifying vulnerabilities across the application and system level. You'll own pieces of... 
    Application
    Remote job
    Full time
    Contract work
    Work from home
    Home office
    Relocation package

    Trail of Bits

    United States
    24 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Security Engineer, Application Security [Remote]. Be the first to apply!