Security Engineer, Application Security [Remote]
$100k - $200kTrail of Bits
- Remote job
Who We Are
Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and the public understanding of the technology underlying our world.
Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our client’s capabilities are at the forefront of what’s available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers.
Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they’ll understand why a company like ours is so unique and valuable.
Role
Trail of Bits seeks a Security Engineer, Application Security within our growing Software Assurance practice. You will conduct comprehensive security assessments of client software with a focus on low-level code analysis, examining system architecture, security boundaries, access controls, and platform security mechanisms.
On any given day, you might analyze vulnerabilities in application code, automate the detection of security misconfigurations in cloud environments, assess privilege escalation capabilities, or review security boundaries in complex systems. Working alongside other security engineers, you'll contribute to client projects while building impactful tools. In short, your work will land at the intersection of Vulnerability Research and Application Security.
In addition to working with leading technology companies in the private sector, you will have opportunities to collaborate with our Research & Engineering team to help secure funding from government agencies for advanced security research that bridges vulnerability research and application security, advancing the state of the art both within our team and industry at large.
Please note that only applications completed via our Careers page will be considered for further review.What You’ll Achieve
- Security Assessment: Conduct comprehensive low-level code security assessments across applications, examining vulnerabilities in system services, access control implementation, inter-process communication, and platform security controls while developing mitigation strategies.
- Security Tool Development: Design and implement custom security tools for automated vulnerability detection, focusing on both application-specific and general security testing needs to bridge the gap between vulnerability research and application security.
- Architecture Review: Perform detailed architecture reviews and threat modeling of complex software systems and cloud environments, identifying potential security weaknesses in areas such as data flows, authentication mechanisms, and API security while providing remediation guidance.
- Client Engagement: Work directly with industry-leading teams to review their application infrastructure and architecture, helping secure their environments through deep technical analysis and recommendations.
- Research & Innovation: Contribute to the advancement of application security, developing new methodologies and tools while staying up to date with the latest security developments in both traditional and emerging technology ecosystems.
What You’ll Bring
- Application security assessment experience. Direct experience conducting low-level code security assessments of complex software, identifying and mitigating application and system-level vulnerabilities. You read the code, not just the scanner output.
- Manual code review depth. Hands-on experience performing manual code reviews to find vulnerabilities that automated tools miss. You can explain why a bug is exploitable, not just that a tool flagged it.
- Static and dynamic analysis fluency. Experience using static and dynamic analysis tools as part of a deeper review process, including knowledge of where these tools fall short and how to extend them.
- Binary analysis and reverse engineering. Experience performing binary analysis and reverse engineering of compiled software. Comfortable with disassemblers, decompilers, and the surrounding tooling.
- Memory corruption vulnerabilities and mitigations. Demonstrated experience identifying memory corruption vulnerabilities and reasoning about modern mitigations. You understand the exploit primitives, not just the CWE category.
- System internals and security boundaries. Deep experience reasoning about system internals, IPC, access control implementations, and platform security boundaries in complex software.
- Architecture review and threat modeling. Experience performing architecture reviews and threat modeling of software systems and cloud environments, identifying weaknesses in data flows, authentication, and API design and proposing realistic remediation.
- Security tool development. Experience designing and building custom security tools for automated vulnerability detection. You bridge vulnerability research and application security by shipping tools, not just consuming vendor outputs.
- Programming proficiency across multiple languages. Hands-on experience programming in two or more of Rust, Golang, Kotlin, Swift, Objective-C, JavaScript, TypeScript, Python, Ruby, C, or C++, used for both security analysis and tool development.
- Communicating findings to technical stakeholders. Experience translating complex security findings into clear, actionable recommendations for engineering and security teams. Reports here get read by people who can push back.
- Experience with Android, iOS, or macOS system internals
- Experience contributing to open source security tools, libraries, or research
- Experience publishing original vulnerability research, CVEs, or technical writeups
- Experience speaking at security conferences (DEF CON, Black Hat, BSides, OffensiveCon, RECon, etc.)
- Experience identifying security misconfigurations in cloud environments (AWS, GCP, Azure)
- Experience collaborating on government-funded security research (DARPA, IARPA, ONR, etc.)
Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program. [Learn more](
Only applications completed via our Careers page will be considered for further review. When you apply, you'll be added to our newsletter so you can stay updated on company news and opportunities. You can opt out anytime.Benefits, Perks & Wellness
Trail of Bits is our people, not a place. With over 100+ employees working from every time zone across the globe, our remote-first culture is built on autonomy and trust (and backed by smile-worthy benefits) for full-time employees:
Empowered Living:- Competitive salary complemented by performance-based bonuses.
- Fully company-paid insurance packages, including health, dental, vision, disability, and life.
- A solid 401(k) plan with a 5% match of your base salary.
- 20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations.
- 4 months of parental leave to cherish the arrival of new family members.
- Our team is global and remote-first. However, if you are interested in moving to NYC, we offer $10,000 in relocation assistance to support your transition.
- $1,000 Working-from-Home stipend to create a comfortable and productive home office.
- Annual $750 Learning & Development stipend for continuous personal and professional growth.
- Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements.
- Philanthropic contribution matching up to $2,000 annually.
- Role Description Fragomen is seeking a Security Engineer – Application Security to join our talented Cyber Security team in our Technology Innovation Lab in Pittsburgh. Our industry-leading, immigration specific software and supporting infrastructure is undergoing tremendous...ApplicationFull timeLocal area
$190.8k - $267.1k
Role Description Reddit is hiring a Senior Security Engineer, AI Security to help teams build and ship AI-powered products securely. This... ...Qualifications ~5+ years of experience in product security, application security, software security, security engineering, backend...ApplicationFull time$104k - $156k
...Advanced Security Engineer The Advanced Security Engineer is a technically deep, hands-on practitioner who forms the operational backbone... ...ecosystem. Layered Defense/Defense in Depth As applicable, design, deploy and optimize security controls that span perimeter...Application- ...Security Engineer - Application Security Locations: Charlotte NC, Chandler AZ, Westlake TX (Hybrid), (3 days onsite) Duration: 12+ Months Contract W2 Contract Only Required Qualifications: ~5+ years of Application Security Engineering experience, or equivalent...ApplicationContract workWork experience placement
- ...About the Team Security is at the foundation of OpenAI's mission to ensure that artificial general intelligence benefits... ...security culture. About the Role As a Security Engineer, Application Security you will be responsible for identifying and mitigating...ApplicationWork at officeRemote workRelocation package
- ...Security Engineer This is where security meets innovation at enterprise scale. As a security engineer, applications at WRITER, you'll be building the security foundations that protect the AI systems powering some of the world's most recognizable brands. You'll work...ApplicationFull timeLocal areaFlexible hours
- ...Senior Network Operations Center (NOC) Engineer (Tier 3) serves as the highest technical... ...outages involving routing instability, security incidents, hardware failures, or cloud connectivity... ...Access (ZPA), enabling secure user-to-application connectivity without traditional network...ApplicationNight shift
- Senior Security Engineer, Security Operations - Responsible for automating the entire security operations lifecycle with AI and advanced detection... ...ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to...ApplicationFull timeRemote workFlexible hours
$165k - $242k
...at What You'll Do: The Enterprise Security team at CoreWeave is responsible for securing... ..., contractors, and critical business applications protected in a modern, cloud-native... ...About the Role: As a Senior Security Engineer, Enterprise Security , you'll design...ApplicationPermanent employmentTemporary workFor contractorsCasual workWork at officeRemote workFlexible hours- ...technology solutions provider focused on Cyber Security, Hybrid Cloud, Global Network... ...Managed Services. Our corporate culture, engineering talent, customer-centric approach, and... ...network protocols, operating systems, application layer protocols, and security best practices...ApplicationWeekday work
- ...Job Profile Job Summary: The Information Security SOC Engineer is a hands-on cybersecurity professional responsible for engineering... ...Harris Health System to provide equal opportunity for all applicants for employment regardless of political affiliation, race,...ApplicationWork at office
- ...as a senior member of the Cybersecurity Engineering team responsible for designing, implementing, and optimizing enterprise security monitoring and automation capabilities. Led... ...from cloud, network, endpoint, and application sources. Develop and maintain SIEM detection...ApplicationWork at office
$85k - $105k
...Commercial Electronic Security Systems Field Engineer We are seeking an experienced commercial Electronic Security Systems Field Engineer to... ...opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard...ApplicationFor subcontractorWork at officeLocal areaRemote workWorldwide- Everforth ECS is seeking a Senior Security Operations Center Engineer - Security Tooling to work in the National Capital Region covering the Pentagon... ...-volume log data from network, endpoint, cloud, and application sources. Engineers security orchestration and automation...ApplicationContract workLocal area
$91k - $185.9k
...contribute to the company's success. As a Security Specialist within PNC's Technology... ...Denver, CO, Phoenix, AZ. As a Security Engineer on PNC's Cloud Security team, you will... ...configurations, and architectures, for applications, platforms, and infrastructure o Assist...ApplicationFull timeTemporary workPart timeWork experience placementWork at officeShift work- ...flexible technology solutions--including Application Modernization, Managed Hybrid Cloud,... ...and deploying modern applications and the secure, scalable platforms on which they run, to... ...all levels of employees, including senior engineers and managers. Experience with CI/CD...ApplicationFlexible hours
- JPMorganChase is seeking a Senior Lead Software Security Engineer to enhance, build, and deliver trusted technology products securely, scalably... ...deep technical expertise across multiple technologies and applications. The role emphasizes simple, elegant software solutions,...Application
$175.2k - $262.8k
...we empower creators to own their own destiny. As a Lead Security Engineer on the Enterprise Security team, you'll play a central role... ...and platforms that Klaviyo runs on — spanning critical SaaS applications, identity and access, endpoints, Zero Trust network...ApplicationWork at office- ...development of software and/or hardware security. Support the security of SRS... ...Job Title: Associate Computer Security Engineer Seeking a motivated and detail-oriented... ...activities, and working directly with FedRAMP applications. This role is ideal for candidates who...ApplicationLocal areaRemote workRelocation
- ...The Role: At General Motors, our Cyber Security organization protects the company's... ...Within Security Enablement, we partner with application teams to integrate enterprise... ...We are seeking a Senior Cyber Security Engineer to lead security enablement and automation...ApplicationLocal areaWork from homeRelocation package
$166k - $253k
...months, not years. ABOUT THE JOB We're seeking a Security Software Engineer to develop novel security tooling for securing embedded... ...privacy policy, please visit [ By submitting your application, you consent to Anduril Industries using a third-party service...ApplicationFull timeWork experience placementImmediate start- Role Description DMI is seeking a Web Developer Security Engineer to embed security throughout the software development lifecycle for a... ...role, you will identify and remediate vulnerabilities in web applications and APIs, integrate security controls into application...ApplicationFull timeRemote work
- ...2026-07-15 Position Title: Information Security Advisor - Network Decryption Engineer Job Description: Location: Indianapolis IN,... ...body of knowledge skill sets: 1) Access Control, 2) Application Security, 3) Business Continuity and Disaster Recovery...ApplicationTemporary workWork at officeLocal areaDay shift2 days per week1 day per week
$174k - $239k
Secure Every Identity, from AI to Human Identity is the key to unlocking the potential... .... We are looking for a Staff Software Engineer that will join the Auth0 Security Engineering... ...In addition, Okta offers equity (where applicable), bonus, and benefits, including health,...ApplicationPermanent employmentFull timeLocal areaWorldwideFlexible hours$175k - $245k
...it’s what we show up for every day. AI is changing what application security can accomplish. We’re not just securing AI; we’re using it as... ...of customers globally. We’re looking for a Senior Security Engineer II to join our Application Security team who can do both: bring...ApplicationRemote jobFull timeTemporary workWork at officeLocal areaFlexible hours$104k - $156k
...Posting Type Remote/Hybrid Job Overview The Advanced Security Engineer is a technically deep, hands-on practitioner who forms the... ...and Requirements Layered Defense/Defense in Depth As applicable, design, deploy and optimize security controls that span...ApplicationFull timeRemote work- ...improve operational efficiency, reduce security and compliance risk, and accelerate digital... ...of this role As a Senior Security Engineer on GitLab’s Security Incident Response Team... ...and allow our recruiters to assess your application. Country Hiring Guidelines: GitLab...ApplicationRemote jobFull time
- ...truly BELIEVE in what they're doing! Job Description Securing an organization and its information systems requires a... ...continuously reviews everything within the organization—including applications, infrastructure, and business processes—to identify potential...Application
$100k - $160k
...infrastructures. Founded in 2012 by expert security specialists with zero outside capital investment, our high-impact engineering culture combines cutting-edge offensive... ...accountability over evaluating complex client application stacks. Shifting completely away from...ApplicationFull timeRemote workWork from homeHome officeShift work$100k - $160k
...Trail of Bits is the premier place for security experts to boldly advance security and... ...attackers. Our research-based and custom-engineering approach ensures that our client’s... ...identifying vulnerabilities across the application and system level. You'll own pieces of...ApplicationRemote jobFull timeContract workWork from homeHome officeRelocation package
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Security Engineer, Application Security [Remote]. Be the first to apply!
- azure security engineer United States
- IT security engineer United States
- junior network security engineer United States
- security engineer intern United States
- sr security engineer United States
- security project engineer United States
- information technology security engineer United States
- endpoint security engineer United States
- security support engineer United States
- application security engineer United States







