Skip to content
Trail of BitsTrail of BitsUnited States

Security Engineer 1, Application Security

Security Engineer contributing to application security assessments, vulnerability discovery, and custom tooling development. Owns components of client engagements and drives findings from discovery through delivery.

100k – 160k
RemoteEntry levelSecurity Engineering

About the role

What You’ll Achieve

Security Assessment Ownership - Lead security assessments for specific components, modules, or systems within larger client engagements. Identify vulnerabilities, trace root causes, and own your analysis from discovery through client delivery.

Vulnerability Discovery and Analysis - Find and validate real vulnerabilities in application code and systems. Explain exploitation paths, assess impact, and develop proof-of-concept code when needed.

Custom Security Tooling - Design and build security testing tools and automation for vulnerability detection. Own tool development from concept through deployment on client projects.

Architecture and Threat Modeling - Conduct threat modeling and architecture reviews of software systems. Identify attack surfaces, data flows, and security boundaries. Propose concrete mitigations.

Client Communication - Translate technical findings into clear, actionable recommendations for engineering teams. Own client relationships for your component of the work.

Research and Innovation - Contribute to security research initiatives. Build tools, document findings, and stay on the cutting edge of vulnerability research and application security.

What You’ll Bring

  • Demonstrable vulnerability research capability - Proven ability to find and validate real vulnerabilities (CTF wins, published CVEs, bug bounty finds, or security research)
  • Strong code analysis skills - Read complex code, trace execution, identify logic flaws, and explain why something is exploitable
  • Hands-on coding proficiency - Fluent in at least two of: Rust, Go, C, C++, Python, JavaScript, TypeScript, or similar
  • Memory safety understanding - Understand memory corruption vulnerabilities (buffer overflows, use-after-free) and modern mitigations (ASLR, DEP, CFI)
  • Systems knowledge - Deep familiarity with operating systems, IPC, privilege boundaries, and how applications interact with system internals
  • Autonomous problem-solving - Drive your own work, own pieces of engagements, ask good questions, debug issues, and reach conclusions without hand-holding
  • Clear technical communication - Explain complex security findings to engineers; reports are clear and actionable

Nice to Have

  • Active CTF participation - Current or recent CTF team participation, CTF wins, or rankings
  • Published vulnerability research - CVEs, bug bounties, responsible disclosures, or security writeups
  • Open source security contributions - Tools, libraries, or research contributions to open source projects
  • Mobile security experience - Android, iOS, or macOS internals; binary analysis on mobile platforms
  • Published technical writing - Blog posts, security research writeups, conference talks, or technical documentation
  • Cloud security experience - AWS, GCP, or Azure security assessment and architecture review
  • Kernel or low-level development - Experience with kernel code, drivers, or system-level programming

About You

You're 0–2 years into your security career, or you're coming from software engineering with a strong security foundation. You have proven ability to find vulnerabilities and understand how systems break. You're autonomous, you own your work, you drive your own analysis, and you don't need someone looking over your shoulder.

Skills

RustGoCC++PythonJavaScriptTypeScriptVulnerability ResearchCode AnalysisThreat ModelingMemory SafetySystems Programming
Kraken

IAM Engineer

KrakenUnited States

IAM Engineer responsible for implementing and improving identity and access management tooling (Okta, ConductorOne, Terraform) with RBAC/ABAC/JIT controls. Requires 2+ years experience in IAM infrastructure, scripting, and IGA platforms in a fast-paced crypto environment.

96k – 192k
Remote2+ YOESecurity Engineering
Quindar

Information Security System Officer

QuindarArvada, CO

Enforce and maintain information security policies for CUI systems, ensuring NIST SP 800-171 compliance and CMMC 2.0 accreditation. Coordinate with ISSM, admins, and leadership on risk management, incident response, and continuous monitoring.

95k – 120k
Hybrid2+ YOESecurity Engineering
Clear Street

Associate - Surveillance

Clear StreetDel Mar, CA

Conducts daily trade surveillance reviews for active trader clients using Nasdaq Trade Surveillance (NTS), detecting and investigating market manipulation in equities and listed options. Requires 3-5 years NTS experience and strong analytical skills in abusive trading patterns.

95k – 110k
Hybrid3+ YOESecurity Engineering
Upstart

SecOps Engineer

UpstartUnited States

SecOps Engineer building automated response mechanisms, triaging alerts, hunting threats, and supporting incident response with AI and SOAR tools. Requires strong logging skills, Python, and Git experience in a security-focused environment.

112k – 155k
RemoteEntry levelSecurity Engineering
Idme

Threat Detection Engineer

IdmeMountain View, CA

Develop and optimize high-fidelity threat detections across SIEM/SOAR platforms using Python, SQL, and AI/ML techniques. Focus on LLM-assisted workflows, AI-specific threat detection, and infrastructure-as-code for scalable security operations.

113k – 140k
On-site2+ YOESecurity Engineering