Software Security Research Engineer

Remote /
Research – Research & Development /
Full-time
About Trail of Bits

Trail of Bits helps secure the world’s most targeted organizations and products. We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

As a cybersecurity research and consulting firm, we serve clients in the defense, tech, finance, and blockchain industries. We help with their most difficult security challenges by designing and building new technology, researching new techniques to advance the state of practice, and reviewing the security of the latest available technology products before they hit the market.

Our team consumes, produces, and presents research as a natural part of doing business. When we make new discoveries or developments, we strive to share our knowledge and release our tools as open-source. It’s a practice that’s earned us industry accolades and helped contribute to our double-digit bottom line growth.

Role

This role will support both our commercial clients needing software engineering support and/or our government-sponsored research. Our commercial clients typically have objectives that are more well-defined, whereas research often requires more exploration, collaboration, and prototyping before arriving at a solution.

You will be contributing to one or two research projects. You will explore open-ended problems in reverse engineering, program analysis, cryptography, and other computer security-related areas. You will develop tools for collecting and analyzing low-level system information while keeping the needs of the end user a priority. You will often work closely in teams of 2-4 people in remote locations. Technical leads will assign responsibilities to you and other team members, and you will develop proofs of concept, prototypes, and enhancements to our existing tools to support a project's goals.

You will devote a portion of your time to exploring new ideas that interest you and are relevant to today's needs in security. Internal research projects may be open-sourced, published on our blog, and submitted to well-respected and peer-reviewed security conferences.

We are looking for teammates who are self-motivated and attracted to learning new technologies. It is important that new researchers communicate and connect well with a team inclusive of remote employees. Occasionally, you will present and demonstrate your work to colleagues and external stakeholders.

Responsibilities

    • Develop software for reverse engineering, program analysis, and security tools
    • Connect daily with the team virtually to describe progress, setbacks, ideas, and concerns
    • Create maintainable code and understand users' needs
    • Maintain installation files, user manuals, walkthroughs, and tutorials
    • Occasionally present your work to the company and external stakeholders
    • Collaborate with the team to write conference papers, blog posts, and proposals

Requirements & Skills

    • Mastery of at least one modern programming language (C++, Python, Rust, etc.).
    • Experience in developing usable and maintainable software.
    • Experience working on a research team.
    • Specialization in a relevant research area (e.g., static analysis, symbolic execution, patching, binary  instrumentation, fuzz testing, formal methods, adversarial machine learning, etc.).
    • Computer Science fundamentals experience (operating systems, data structures, algorithms, networking, etc.).
    • Understanding of at least one architecture’s assembly language.
    • Understanding of at least one intermediate representation (LLVM/IR, BNIL, LLIL, etc.).
    • Knowledge of reverse engineering.
    • Ability to quickly learn new programming languages and frameworks.

Benefits

    • Every year, we pay for the best in conference training, technical training, and managerial classes for our team. Everyone is encouraged to identify additional opportunities for personal professional growth.
    • Liberal expense policy for acquiring the equipment and software that help you do your job. If we need hardware, we buy it. Everyone has rack space and corporate cards.
    • We welcomed remote employees since our founding. Our workforce is 50% remote, and currently many chose to work from home. As long as you keep delivering good work, we keep our hands off your personal style and let you manage your work day as you work best.
    • We can tell you exactly what projects you'll work on and the people you'll work with. If it's not what you want, no need to initiate a lateral transfer, we can shift your work without an issue.
    • We routinely highlight the work our employees do via our blog, product offerings, and conference talks. We talk about more than just side projects.
    • We're at the forefront of a number of markets and have the internal expertise and the ambition to capitalize on those opportunities. See your work in use and valued by many others.

Benefits for Eligible US Employees

    • Multiple generous health, vision, and dental insurance plans including no-monthly-premium options supporting individuals and families through JustWorks
    • Ancillary benefits including life and disability insurance, pre-tax commuter benefits, free Citi Bike membership, access to a HealthAdvocate, a healthcare Flexible Spending Account (FSA), and a free One Medical membership
    • 3-4 months parental leave
    • 401k with 5% company matching through Betterment
    • Charitable donation matching
    • Bonuses for recruiting, public speaking, tool releases, blog posts, academic posters, proposals, and whitepapers, and end-of-year bonuses based on company, team, and personal performance
    • 14 company holidays and four weeks of Paid Time Off (PTO)