Who We AreFounded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology's newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and the public understanding of the technology underlying our world.Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our client's capabilities are at the forefront of what's available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers.Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they'll understand why a company like ours is so unique and valuable.RoleAs the Engineering Director for the Application Security Assurance Practice, you will oversee the practice's business activity and performance. You will develop and lead a team of talented security consulting engineers in this role, ensuring successful client service delivery. You will grow and elevate the team's contributions in meaningful research, tooling, and publications that cement Trail of Bits as a premier security consultancy via the team's output. You will enable the team by identifying and removing obstacles, improving processes, and documenting and launching initiatives for growth and skills development that lead to the department's growth and profitability.What You'll Achieve
- Strategic Vision and Industry Leadership: Craft and execute a forward-thinking vision for your specialty area, aligning with the company's objectives while demonstrating your thought leadership in the cybersecurity community through conferences, blogs, and social media.
- Business Growth and Service Innovation: Drive business expansion by identifying new market opportunities, developing innovative service offerings, and expanding existing services to enhance client engagement and departmental growth.
- Team Leadership and Development: Lead and mentor a diverse team of security engineers, fostering a culture of continuous growth, improvement, and innovation in technical and consulting skills and managing resource allocation and staffing to maximize team effectiveness and domain expertise.
- Client Engagement and Quality Assurance: Oversee the delivery of high-quality work products, closely collaborating with client teams to understand and meet client needs, ensuring precision in service delivery and effective problem resolution.
- Financial Strategy and Operational Efficiency: Collaboratively manage the practice's budget with cross-departmental teams, focusing on cost optimization and revenue growth while driving profitability and operational efficiency improvements.
- Performance Management and Organizational Influence: Lead performance and career development within your team, influencing hiring decisions and contributing to client and internal projects, reinforcing a results-driven, learning-oriented departmental culture.
- Strategic Partnerships and Communication: Build and maintain strategic partnerships within and outside the organization, ensuring effective communication and alignment of goals, particularly in client management and service delivery.
- Innovative Problem Solving and Project Leadership: Actively engage in innovative problem-solving and lead critical projects and decision-making processes that drive the department's success, client satisfaction, and overall company growth.
What You'll Bring
- 10+ years of experience in professional services delivery, including technical leadership roles and leading technical teams through client engagements
- Consulting background with significant contributions to client projects, encompassing strategic planning, leading teams, project management within tight deadlines, and expertise in proposal development, project scoping, and driving sales to delivery.
- Proficiency in providing specialized technical security services, including Secure Code Reviews, Dynamic Application Testing, Fuzzing, Threat Modeling and Design Reviews, Cloud Native Assessments, iOS/Android security, Containers and Orchestration security..
- Proficiency in at least 4 modern programming languages or frameworks, including, but not limited to, Rust, Go, Python, C/C++, and JavaScript.
- In-depth understanding of application security, with the ability to identify and mitigate vulnerabilities effectively. Demonstrated passion for application security, evidenced by ongoing research, contributions to open-source projects, participation in bug bounty programs, or other activities outside of professional obligations that showcase a deep interest and expertise in appsec.
- Knowledgeable in static and dynamic analysis testing methods and the tools for efficient and secure software.
- Excellent interpersonal and communication skills, capable of engaging with a diverse range of stakeholders, understanding their needs, and delivering measurable results.
- Expertise and an engineering mindset in application security, with a continuous commitment to keeping abreast of industry trends and challenges.
- Active contribution to the field through research, speaking engagements, development of security tools, or other thought leadership activities.
The base salary for this full-time position ranges from $225,000 to $275,000, excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range. The presented salary range encompasses the starting salaries for all U.S. locations. For a precise salary estimate tailored to your preferred location, please discuss it with your recruiter during the hiring process.Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program. Learn more.Benefits, Perks & WellnessTrail of Bits is our people, not a place. With over 100+ employees working from every time zone across the globe, our remote-first culture is built on autonomy and trust (and backed by smile-worthy benefits) for full-time employees:Empowered Living:
- Competitive salary complemented by performance-based bonuses.
- Fully company-paid insurance packages, including health, dental, vision, disability, and life.
- A solid 401(k) plan with a 5% match of your base salary.
- 20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations.
Nurturing New Beginnings:
- 4 months of parental leave to cherish the arrival of new family members.
- $5,000 relocation assistance for moves to New York City, supporting your transition.
Work & Life Enrichment:
- $1,000 Working-from-Home stipend to create a comfortable and productive home office.
- Annual $750 Learning & Development stipend for continuous personal and professional growth.
- Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements.
Community Impact:
- Philanthropic contribution matching up to $2,000 annually.
- Opportunity to participate in Project Wren, promoting environmental responsibility and carbon footprint offset.
Dedication to Diversity, Equity, Inclusion & Belonging (DEIB)Trail of Bits is a community of innovators, risk-takers, and trailblazers who celebrate individual differences and recognize that unique perspectives make us stronger, smarter, and more successful. We actively seeks applicants who can bring a variety of experiences, perspectives, and backgrounds to the team. We provide equal employment opportunities to all employees and applicants for employment without regard to race, color, ancestry, national origin, gender, sex, pregnancy, pregnancy-related condition, sexual orientation, marital status, religion, age, disability, qualified handicap, gender identity, results of genetic testing, military status, veteran status, or any other characteristic protected by applicable law. Our team values diversity in experience and backgrounds-we do our best work when we create space for different voices and perspectives. Whatever unique experiences or skill sets you bring, we look forward to learning from each other.