Senior Security Engineer, Cryptography

Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and the public understanding of the technology underlying our world.

Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our client’s capabilities are at the forefront of what’s available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers.

Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they’ll understand why a company like ours is so unique and valuable.

Role

Trail of Bits seeks a Senior Security Engineer, Cryptography within our Assurance team responsible for reviewing low-level, high-assurance software in the finance, tech, defense, and blockchain industries. You will be part of a dynamic team that both engineers and reviews mission-critical cryptographic code, ensuring the implementation of novel cryptographic schemes is secure.

On any given day, you might perform code reviews across various technologies, develop new cryptanalysis tools, assist with topics ranging from standardized symmetric cryptography to post-quantum algorithms, or collaborate with academics on cutting-edge ideas. Working alongside some of the industry's best and brightest, you'll directly impact the growth of our Assurance practice.

You will independently manage your work and play a key role in conceiving new projects and driving the cryptography team forward. As an active member of the open-source cryptography community, you'll have the resources to directly influence the development landscape and help protect the safety and privacy of our clients' users.

What You’ll Achieve

Cryptographic Assessment: Perform detailed code reviews and cryptanalysis across a wide range of technologies for our clients, producing public reports that detail findings and recommendations.

Tool Development: Develop innovative tools for assessing the security of cryptographic libraries, contributing to the open-source cryptography community and improving industry standards.

Client Engagement: Work directly with clients to help secure new business and acquire grants for new cryptography tooling, communicating complex technical material effectively.

Research & Innovation: Stay current with the latest cryptography and security research, conceiving new projects for the cryptography team and collaborating with academics to implement cutting-edge ideas.

Technical Communication: Create public reports, company blog posts, and deliver presentations to the technical community that showcase your accomplishments and expertise.

What You’ll Bring

Cryptography Expertise: Experience in applied cryptography and cryptanalysis with a mathematical background sufficient for reading and implementing relevant academic research. Your deep understanding of cryptographic primitives, protocols, and their potential vulnerabilities will enable you to identify subtle issues that others might miss, even in complex implementations.

Technical Proficiency: Experience with the Git (GitHub) workflow and proficiency in one or more programming languages including Rust, Go, C++, C, or Python. Your programming skills allow you to not only analyze cryptographic implementations but also develop tools and proof-of-concepts that demonstrate vulnerabilities or improvements to existing systems.

Analytical Skills: Ability to evaluate cryptographic implementations across various contexts, from standardized symmetric cryptography to elliptic curve pairings and lattice-based post-quantum algorithms. You can quickly grasp new cryptographic schemes and their implementations, identifying where theory and practice might diverge in ways that create security risks.

Communication Excellence: Clear communication skills with an aptitude for participating in deep technical discussions and explaining complex concepts to clients and non-technical team members. Your ability to translate between the mathematical foundations of cryptography and its practical implications helps bridge gaps between theoretical security and real-world implementations.

Self-Direction: Self-motivated approach with the ability to drive new projects forward, learn new technologies quickly, and independently manage responsibilities. You thrive when given autonomy to pursue security improvements and can balance multiple priorities while maintaining high-quality output and meeting deadlines.

Collaboration Mindset: Eagerness to work with team members, clients, and the broader technical community, contributing to a dynamic and innovative environment. Your collaborative approach enriches team discussions and leads to more comprehensive security assessments that draw on diverse perspectives and expertise.

The base salary for this full-time position ranges from $175,000 to $225,000, excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range. The presented salary range encompasses the starting salaries for all U.S. locations. For a precise salary estimate tailored to your preferred location, please discuss it with your recruiter during the hiring process.

Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program. .

Trail of Bits is our people, not a place. With over 100+ employees working from every time zone across the globe, our remote-first culture is built on autonomy and trust (and backed by smile-worthy benefits) for full-time employees:

Empowered Living:

• Competitive salary complemented by performance-based bonuses.
• Fully company-paid insurance packages, including health, dental, vision, disability, and life.
• A solid 401(k) plan with a 5% match of your base salary.
• 20 days of paid vacation with flexibility for more, adhering to jurisdictional regulations.

Nurturing New Beginnings:

• 4 months of parental leave to cherish the arrival of new family members.
• Our team is global and remote-first. However, if you are interested in moving to NYC, we offer $10,000 in relocation assistance to support your transition.

Work & Life Enrichment:

• $1,000 Working-from-Home stipend to create a comfortable and productive home office.
• Annual $750 Learning & Development stipend for continuous personal and professional growth.
• Company-sponsored all-team celebrations, including travel and accommodation, to foster community and recognize achievements.

Community Impact:

• Philanthropic contribution matching up to $2,000 annually.

Dedication to Diversity, Equity, Inclusion & Belonging (DEIB)

Trail of Bits is a community of innovators, risk-takers, and trailblazers who celebrate individual differences and recognize that unique perspectives make us stronger, smarter, and more successful. We actively seeks applicants who can bring a variety of experiences, perspectives, and backgrounds to the team. We provide equal employment opportunities to all employees and applicants for employment without regard to race, color, ancestry, national origin, gender, sex, pregnancy, pregnancy-related condition, sexual orientation, marital status, religion, age, disability, qualified handicap, gender identity, results of genetic testing, military status, veteran status, or any other characteristic protected by applicable law. Our team values diversity in experience and backgrounds—we do our best work when we create space for different voices and perspectives. Whatever unique experiences or skill sets you bring, we look forward to learning from each other.