Senior Software Security Engineer, Research & Engineering

Who We Are

Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and the public understanding of the technology underlying our world.

Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our clients’ capabilities are at the forefront of what’s available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers.

Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they’ll understand why a company like ours is so unique and valuable.

Role

Trail of Bits seeks a Senior Software Security Engineer within our Research & Engineering team to join our Compiler team, working at the intersection of compiler technology, program analysis, and security engineering. You will design and implement compiler-based security tools and frameworks across multiple compiler ecosystems, including LLVM, GCC, and JVM-based systems, with a focus on static and dynamic analysis techniques and formal verification approaches.

On any given day, you might develop new LLVM passes for security instrumentation, implement formal verification tools, enhance program analysis frameworks for JIT compilers, and more. Working in small teams of 2-4 people, you’ll collaborate with other compiler experts, security researchers, and clients to solve complex security challenges at the infrastructure level.

You will have opportunities to pursue compiler security research while delivering practical solutions for clients. Development primarily involves C++, Rust, and LLVM toolchains. Success is measured through both technical innovation and business impact, as you’ll be expected to help grow our formal verification and program analysis service offerings.

What You'll Achieve

Compiler-Based Security Tools: Design and implement security-focused compiler passes and tools across multiple compiler ecosystems (LLVM, GCC, JVM, WebAssembly) that enable automated vulnerability detection and mitigation at compile time.

Formal Verification: Develop and apply formal methods to verify critical properties of software, and create practical tooling that bridges academic verification approaches with real-world codebases.

Program Analysis Frameworks: Build and enhance static and dynamic analysis frameworks that identify security vulnerabilities in complex systems before they reach production, with particular attention to language-specific vulnerability patterns. 

Client Solutions: Collaborate directly with industry-leading teams to implement bespoke compiler security solutions, helping clients integrate security controls into their build systems and compiler tool changes.

Business Development: Contribute to our growing compiler security practice by demonstrating technical excellence that attracts new clients seeking compiler-level security solutions and formal verification services.

What You'll Bring

Compiler & Program Analysis Expertise: Strong knowledge of compiler design and implementation across ecosystems such as LLVM, GCC< Rust, JVM, or WebAssembly. Experience with static/dynamic analysis techniques, symbolic execution, and building analysis tools

Formal Methods & Security Skills: Experience with formal verification approaches and tools for proving properties about programs. Knowledge of software security principles and vulnerability classes, particularly in compiler and language contexts. 

Technical Capabilities: Strong development skills in C++, Rust, Java, and/or OCaml with experience contributing to large codebases. Ability to communicate complex technical concepts clearly to both technical and non-technical audiences.

Business Acumen: Demonstrated ability to identify opportunities where compiler security techniques can address client needs and drive business growth. Experience translating technical solutions into business value for clients and stakeholders.

Research & Collaboration: Demonstrated ability to understand and implement techniques from academic research, collaborate effectively in small teams, and mentor others on compiler and security topics. Experience writing technical documentation and presenting at conferences.

This position requires candidates to be authorized to work in the United States (US citizens or permanent residents/green card holders only).

The base salary for this full-time position ranges from $150,000 to $200,000, excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range. The presented salary range encompasses the starting salaries for all U.S. locations. For a precise salary estimate tailored to your preferred location, please discuss it with your recruiter during the hiring process.

Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program. Learn more.

Benefits

Benefits, Perks & Wellness

Trail of Bits is our people, not a place. With over 100+ employees working from every time zone across the globe, our remote-first culture is built on autonomy and trust (and backed by smile-worthy benefits) for full-time employees:

Empowered Living:

• Competitive salary complemented by performance-based bonuses.
• Fully company-paid insurance packages, including health, dental, vision, disability, and life.
• A solid 401(k) plan with a 5% match of your base salary.
• 20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations.

Nurturing New Beginnings:

• 4 months of parental leave to cherish the arrival of new family members.
• Our team is global and remote-first. However, if you are interested in moving to NYC, we offer $10,000 in relocation assistance to support your transition.

Work & Life Enrichment:

• $1,000 Working-from-Home stipend to create a comfortable and productive home office.
• Annual $750 Learning & Development stipend for continuous personal and professional growth.
• Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements.

Community Impact:

• Philanthropic contribution matching up to $2,000 annually.

Dedication to Diversity, Equity, Inclusion & Belonging (DEIB)

Trail of Bits is a community of innovators, risk-takers, and trailblazers who celebrate individual differences and recognize that unique perspectives make us stronger, smarter, and more successful. We actively seeks applicants who can bring a variety of experiences, perspectives, and backgrounds to the team. We provide equal employment opportunities to all employees and applicants for employment without regard to race, color, ancestry, national origin, gender, sex, pregnancy, pregnancy-related condition, sexual orientation, marital status, religion, age, disability, qualified handicap, gender identity, results of genetic testing, military status, veteran status, or any other characteristic protected by applicable law. Our team values diversity in experience and backgrounds—we do our best work when we create space for different voices and perspectives. Whatever unique experiences or skill sets you bring, we look forward to learning from each other.