Trail of Bits’ Ecosystem Security Team is dedicated to improving the security and quality of engineering standards essential to the open-source ecosystem's longevity. Our team seeks a security-focused software developer to engage with Open Source communities and projects on behalf of our commercial, governmental, and non-profit clients. Among the many areas you may contribute are Open Source packaging, applied cryptography, authentication and authorization systems, and standard library and language development for major programming languages.

This is an engineering position where the focus is to integrate novel features into production systems. It does not involve direct operations like service monitoring and maintenance. Software development will be primarily in Python, with frequent Rust and occasional opportunities to work in C, C++, Go, and Ruby. In addition to software maintenance and development, the role involves frequent creative and analytic challenges to design features and reviewing existing implementations with a critical lens.

You will work with a remote team of 2-4 people in roughly 4-8 week development cycles. Technical leads will assign responsibilities to you and other team members, and you will develop proofs of concept, prototypes, and enhancements to existing tools in support of a project's goals. You will have opportunities to work for various clients throughout a typical year, and will engage with both clients and Open Source communities directly. Frequent communication with team members and clients is expected, and writing and presenting about your work publicly is encouraged and incentivized.

This position may be fully remote or based in our offices in Brooklyn. Conference attendance and travel to team offsites are encouraged but not required.

What You’ll Achieve

  • Contributing fixes and enhancements to large cross-platform codebases.
  • Designing and building solutions that balance performance, security, and functionality requirements.
  • Describe and explain technical concepts to clients, community, and co-workers.
  • Root-cause analysis and debugging on low-level technical issues.
  • Directly speaking daily with your team, typically within core hours, and coordinating asynchronously outside of core hours to organize tasking.
  • Interpreting customer requirements, decomposing tasks, and making engineering estimates.

What You’ll Bring

  • Previous experience with Open Source projects or communities. Experience leading or contributing significant features to Open Source projects is a plus.
  • 3+ years of experience in professional software development in one or more of the following domains: Open Source packaging, applied cryptography, authentication and authorization systems, or standard library and language development for major programming languages.
  • Proficiency in application and library development in Python, with systems and network experience as a plus. Experience in Go, Rust, C, and C++ is a plus.
  • Ability to work remotely and independently to set goals and find solutions.
  • Related development experience in security monitoring, security testing, security response, vulnerability research, cryptography engineering, or other security roles is a plus.
  • Composure speaking or writing directly to customers to give progress status reports and solicit feedback and new requirements.

Reporting Manager: Engineering Director

The base salary for this full-time position ranges from $126,000 to $176,000, excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range. The presented salary range encompasses the starting salaries for all U.S. locations. For a precise salary estimate tailored to your preferred location, please discuss it with your recruiter during the hiring process.

Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program. Learn more.