Principal Security Engineer, Research & Engineering

Trail of Bits is a premier security firm founded by expert hackers, dedicated to advancing security and addressing technology's most challenging risks. The Principal Security Engineer will lead technical vision, drive business growth, mentor engineers, and represent the company in publications and at industry events. This role involves overseeing complex security research and engineering efforts while collaborating with teams to enhance organizational capabilities.

Responsibilities:

• Set the technical vision for your area of expertise
• Design and guide the execution of complex security research and engineering efforts that advance Trail of Bits' capabilities
• Engage with potential clients and drive the sales process independently
• Leverage your professional network to find external funding for new research and engineering initiatives
• Support the proposal process through SoW writing and scoping
• Mentor 3–4 Senior Engineers, helping them build their professional networks and skillsets
• Introduce mentees to your network and find opportunities for their growth
• Lead projects end-to-end within and beyond your core expertise
• Deconstruct high-level objectives into actionable milestones, allocate work across team members, and ensure delivery
• Lead the company's publications and marketing efforts in your domain
• Represent Trail of Bits at speaking events, panel discussions, and conferences
• Author blog posts, whitepapers, and academic publications
• Identify team organization and operational problems
• Spot knowledge gaps across the team and take concrete steps to help the team fill them
• Architect and oversee the development of security-focused software tools and frameworks
• Contribute hands-on when needed, particularly on novel or high-stakes problems
• Work closely with other practices to understand their challenges and needs
• Turn these into collaborative efforts to build useful tooling and advance shared goals
• Guide the team's approach to AI/ML security research and tooling
• Identify emerging risks and opportunities in the AI/ML security landscape

Requirements:

• Extensive software development and security engineering experience, with deep expertise in Rust, C++, and/or Python
• A well-established professional network in the security industry, government, or adjacent technical communities
• Demonstrated track record of leading security projects end-to-end, from scoping and proposal through delivery
• Experience engaging with clients and participating in the sales or business development process
• Proven ability to mentor and develop senior-level engineers, helping them grow their careers and professional networks
• Experience setting technical vision and strategy for a team or practice area
• Strong knowledge of AI/ML systems and associated security challenges
• Public speaking experience at conferences, panels, or industry events
• Published work demonstrating thought leadership in security through blog posts, whitepapers, academic papers, or open-source tools
• Excellent written and verbal communication skills, with the ability to communicate effectively with technical teams, clients, and executive leadership
• Experience writing SoWs, scoping proposals, and supporting the business development lifecycle
• Ability to identify organizational and operational problems and drive solutions
• Experience building and maintaining a revenue-generating practice area or service line
• Track record of securing external funding (government contracts, grants, or sponsored research)
• Deep understanding of low-level systems, including memory management, operating system internals, compiler technology, or binary analysis
• Experience designing IRAD portfolios or technical roadmaps for a research organization
• Contributions to major open-source security tools or frameworks
• Experience managing direct reports (1–4) and providing career development guidance
• Familiarity with the US Government contracting and proposal process