Principal Security Engineer, Application Security
Full-time • NA
Trail of Bits is hiring a Principal Security Engineer to provide technical leadership across advanced software assurance engagements. This position is responsible for directing application security assessments, performing deep technical code review, defining methodologies, and serving as a senior technical reference for the engineering team.
The role includes designing and executing architecture reviews, guiding threat modeling activities, and identifying critical issues across distributed systems and modern software platforms. In addition to hands-on contributions, this role supports mentoring other engineers, shaping internal practices, and participating in security research and publications. The role operates at the intersection of consulting, vulnerability research, and strategic guidance for high-value clients.
🔹 Responsibilities
• Advance the use of AI techniques within application security workflows, including LLM-assisted code review and ML-based analysis
• Conduct thorough security assessments across diverse software environments, with focus on authentication, APIs, platform controls, and cloud-native deployments
• Lead and facilitate advanced threat modeling and architecture security reviews for complex distributed systems
• Perform in-depth manual code review in multiple languages, detecting logic and implementation flaws missed by automation
• Develop and refine tooling and frameworks that expand internal security testing capabilities
• Lead major engagements, providing scope definition, technical direction, and review of final deliverables
• Advise engineering and executive stakeholders on security maturity and long-term risk management strategies
• Mentor engineers, support methodology development, and contribute to team skill growth
• Participate in external contributions including technical talks, written content, and open-source engagement
🔹 Requirements
• 8+ years of experience in application security across web, mobile, cloud, and system-level environments
• Experience applying AI to security work or evaluation of ML/AI system security
• Demonstrated experience as a technical leader on complex security engagements
• Strong history of executing deep security assessments and finding impactful vulnerabilities
• Low-level understanding of system internals and binary/security fundamentals
• Advanced proficiency reviewing code across languages including JavaScript/TypeScript, Python, Go, Rust, C/C++, etc.
• Experience with SAST/DAST tools including custom rule development and pipeline integration
• Ability to conduct structured threat modeling using formal methodologies such as STRIDE or PASTA
• Strong communication capability for translating security risks to varied audiences
🔹 Compensation & Benefits
• Base salary range: $200,000 – $235,000 USD (final offer adjusted by experience, location, and profile)
• Performance-based bonus opportunities
• Employer-paid medical, dental, vision, disability, and life insurance
• 401(k) with 5% employer match
• 20 days paid vacation with additional flexibility based on jurisdiction
• 4 months paid parental leave
• Optional $10,000 relocation assistance for NYC relocation
• $1,000 home office stipend
• $750 annual professional development stipend
• Company-funded gatherings with travel expenses covered
• Donation matching up to $2,000 annually
🔖 Curated by ArtofBlockchain.club