Trail of Bits

Engineering Director, Application Security

Reposted Yesterday
Remote
Hiring Remotely in United States
Expert/Leader
Lead the Application Security Practice, overseeing team performance and business growth while delivering high-quality security consulting services and fostering innovation through AI integration and research contributions.
The summary above was generated by AI
Who We Are

Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and the public understanding of the technology underlying our world.

Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our clients' capabilities are at the forefront of what's available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers.

Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they’ll understand why a company like ours is so unique and valuable.

Role

You will lead Trail of Bits' Application Security practice: a team of 12 security engineers who perform code audits, vulnerability research, and secure design reviews for some of the most technically demanding clients in the industry.

This is a hands-on leadership role. You will personally review audit findings, guide technical approaches, and maintain the credibility to engage with sophisticated clients who expect their security partner to operate at their level. You will own the practice's financial performance, project staffing, and team development.

Your team works on source code. They do static analysis, manual code review, fuzzing, and protocol-level vulnerability research across Rust, Go, C/C++, Python, Solidity, and JavaScript. You need to be able to do this work yourself, not just manage people who do it.

What You’ll Achieve
  • Lead technical delivery. Own the quality and profitability of every engagement your team ships. Review findings, guide technical direction on complex audits, and step in when projects need senior expertise. Maintain direct relationships with your most important clients.
  • Staff and grow the practice. Make project assignment decisions that balance engineer development, client needs, and profitability. Manage utilization, identify when to hire, and build the pipeline through the intern program and recruiting. Own the practice's P&L.
  • Develop your engineers. Create space for your team to present at conferences, publish research, contribute to open source tools, and advance their careers. Identify and remove obstacles. Your success is measured by their output, not yours.
  • Set technical direction. Decide where the practice invests in tooling, methodology, and capability development. Stay hands-on enough to know what's working and what isn't. Ensure the team's approach evolves with the threat landscape and client needs.
  • Integrate AI into the practice. Champion and model the use of AI tools across your team's workflows. Help engineers adopt AI-assisted auditing, reporting, and research practices that amplify their effectiveness.
What You’ll Bring
  • 10+ years in security, including significant time performing source code audits, not only penetration testing
  • Recent, demonstrable hands-on security work (code review, vulnerability research, tool development) within the last 12 months
  • Experience leading a team of 8+ engineers through client engagements with direct financial accountability
  • Proficiency in at least 4 of: Rust, Go, Python, C/C++, Solidity, JavaScript/TypeScript
  • Track record of managing project profitability, utilization, and staffing decisions in a consulting environment
  • Experience building team members' careers and external visibility (conference talks, publications, open source contributions)
  • Proficiency with AI coding and analysis tools in your own work
  • Active contributions to the security community (research, tools, advisories, publications)

Reporting Manager: Dan Guido, CEO

The base salary for this full-time position ranges from $250,000 to $300,000, excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range. The presented salary range encompasses the starting salaries for all U.S. locations. For a precise salary estimate tailored to your preferred location, please discuss it with your recruiter during the hiring process.

Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program.


Benefits, Perks & Wellness

Trail of Bits is our people, not a place. With 100+ employees working from every time zone across the globe, our remote-first culture is built on autonomy and trust (and backed by smile-worthy benefits) for full-time employees:

Empowered Living:

  • Competitive salary complemented by performance-based bonuses.
  • Fully company-paid insurance packages, including health, dental, vision, disability, and life.
  • A solid 401(k) plan with a 5% match of your base salary.
  • 20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations.

Nurturing New Beginnings:

  • 4 months of parental leave to cherish the arrival of new family members.
  • Our team is global and remote-first. However, if you are interested in moving to NYC, we offer $10,000 in relocation assistance to support your transition.

Work & Life Enrichment:

  • $1,000 Working-from-Home stipend to create a comfortable and productive home office.
  • Annual $750 Learning & Development stipend for continuous personal and professional growth.
  • Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements.

Community Impact:

  • Philanthropic contribution matching up to $2,000 annually.

Top Skills

C/C++
Go
JavaScript
Python
Rust
