Software Security Research Engineer
Research & Engineering – Research & Development /
About Trail of Bits
Trail of Bits helps secure the world’s most targeted organizations and products. We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.
As a cybersecurity research and consulting firm, we serve clients in the defense, tech, finance, and blockchain industries. We help with their most difficult security challenges by designing and building new technology, researching new techniques to advance the state of practice, and reviewing the security of the latest available technology products before they hit the market.
Our team consumes, produces, and presents research as a natural part of doing business. When we make new discoveries or developments, we strive to share our knowledge and release our tools as open-source. It’s a practice that’s earned us industry accolades and helped contribute to our double-digit bottom-line growth.
This role will support both our commercial clients needing software engineering support and/or our government-sponsored research. Our commercial clients typically have objectives that are more well-defined, whereas research often requires more exploration, collaboration, and prototyping before arriving at a solution.
You will be contributing to one or two research projects. You will explore open-ended problems in reverse engineering, program analysis, cryptography, and other computer security-related areas. You will develop tools for collecting and analyzing low-level system information while prioritizing the needs of the end-user. You will often work closely in teams of 2-4 people in remote locations. Technical leads will assign responsibilities to you and other team members based on expertise and interest, and you will develop proofs of concept, prototypes, and enhancements to our existing tools to support a project's goals.
You will devote a portion of your time to exploring new ideas that interest you and are relevant to today's needs in security. Internal research projects are incentivized and may be open-sourced, published on our blog, and submitted to well-respected and peer-reviewed security conferences.
We are looking for self-motivated teammates attracted to learning new technologies. It is important that new researchers communicate and connect well with a team inclusive of remote employees. Occasionally, you will present and demonstrate your work to colleagues and external stakeholders.
- Develop software for reverse engineering, program analysis, and security tools.
- Connect daily with the team virtually to describe progress, setbacks, ideas, and concerns.
- Create maintainable code and understand user needs.
- Maintain installation files, user manuals, walkthroughs, and tutorials.
- Occasionally present your work to the company and external stakeholders.
- Collaborate with the team to write conference papers, blog posts, and proposals.
Requirements & Skills
- Mastery of at least one modern programming language (C++, Python, Rust, etc.).
- Experience in developing usable and maintainable software.
- Experience working on a research team.
- Specialization in a relevant research area (e.g., static analysis, symbolic execution, patching, binary instrumentation, fuzz testing, formal methods, adversarial machine learning, etc).
- Computer Science fundamentals experience (operating systems, data structures, algorithms, networking, etc).
- Understanding of at least one architecture’s assembly language.
- Understanding of at least one intermediate representation (LLVM/IR, BNIL, LLIL, etc.).
- Knowledge of reverse engineering.
- Ability to quickly learn new programming languages and frameworks.
- Must live in the United States.
- Before, during and after COVID-19, our workforce works flexibly. Many employees choose to work from home around the globe. As long as you deliver against your goals, we encourage you to harness your personal working style to let you work best.
- Liberal expense policy for acquiring the equipment and software that help you do your job. If we need hardware to work effectively, we buy it.
- We offer exceptional and tailored technical, leadership and organizational training for our team members. Everyone is encouraged to identify additional opportunities for personal professional growth with working at Trail of Bits.
- We routinely highlight the amazing work our employees do via our blog, product offerings, and conference talks. We celebrate you!
- We're at the forefront of a number of markets and have the internal expertise and the ambition to capitalize on those opportunities. Our employees see their work in use and valued by many others.
- Multiple generous health, vision, and dental insurance plans including no-monthly-premium options supporting individuals and families through JustWorks
- Ancillary benefits including life and disability insurance, pre-tax commuter benefits, free Citi Bike membership, access to a HealthAdvocate, a healthcare Flexible Spending Account (FSA), and a free One Medical membership
- 3-4 months paid parental leave
- 401k with 5% company matching through Betterment
- Moving expenses: $5k one-time
- Charitable donation matching up to $2,000
- Bonuses for recruiting, public speaking, tool releases, blog posts, academic posters, proposals, and whitepapers, and end-of-year bonuses based on company, team, and personal performance
- 20 days of Paid Time Off (PTO) per year
- 14 company holidays per year
- Carbon offsets for your personal and corporate carbon emissions through Project Wren
- Personal information privacy protection service subscription through DeleteMe
Dedication to diversity, equity & inclusion
Trail of Bits is committed to creating and maintaining a diverse and inclusive workplace where our employees can thrive and be themselves! We welcome all persons into our community. We embrace the diversity of gender, gender identity or expression, race, color, religious creed, national origin, ancestry, age, physical and mental disabilities, medical condition, genetic characteristic, sexual orientation, marital status, family care or medical leave status, military or veteran status, or perceived membership in any of these groups.