Summary
Join Truffle Security Co., a fully remote team dedicated to open-source security research, and spearhead impactful projects. You will conduct cutting-edge research, create engaging content (blog posts, videos, presentations), and present findings at conferences. Collaborate with the Security Research team lead to select projects aligning with industry trends and company goals. Your expertise in application security and another information security domain will be crucial. This highly visible role involves building proof-of-concept tools and contributing to Truffle Security's open-source tools. You will also serve as a security subject matter expert for the engineering team.
Requirements
- Proven background in security research - Ideally, you have written/presented about security vulnerabilities in the past and can share some of these with us
- Expertise in application security, plus experience in at least one other category:
  - Cloud Security
  - DevSecOps
  - Data Analytics
  - Blue Team
- Excellent technical writing skills that demonstrate clarity, depth, and accuracy
- History of public speaking on security topics, with the ability to engage and educate technical and non-technical audiences
- Intermediate programming skills - your code doesn’t need to be production-ready, but you should be highly comfortable prototyping and building proof-of-concept tools. We work primarily in Python and Golang
- Familiarity with LLM tools and how to effectively incorporate them into research and programming workflows
- Strong collaboration abilities - You’re equally good at respectfully asking for help and humbly providing it
- Ability to juggle multiple long-term research projects - We often run 5 or 6 projects simultaneously without compromising quality or timelines
- High ethical standards and integrity - We find many security vulnerabilities in our research, and it takes maturity to handle interactions with the organizations we disclose to
- Attention to Detail - There are many moving parts during research projects, and this role requires patience and extreme attention to detail
Responsibilities
- Conduct cutting-edge open-source security research in areas broadly related to secrets (application security, cloud security, DevSecOps, etc.)
- Create engaging content to showcase research findings, including blog posts, technical documentation, videos, and whitepapers
- Present at conferences and industry events to share your discoveries, represent Truffle Security, and build community interest/trust
- Build Proof-of-Concept tools to assist with research and then share them internally with engineering
- Contribute to Truffle Security’s Open-Source Tools when research drives new improvements to TruffleHog or requires a new tool altogether
- Serve as a security subject matter expert for engineering by helping track down the occasional security bug, providing insight on a new product/feature, and knowledge sharing
- Maintain a positive, respectful, and ethical attitude in all external and internal interactions. There's no room for egos or “gotchas” when dealing with security research
Preferred Qualifications
...Something else? Surprise us!
Benefits
- Commitment to building a culture of mentorship, equity, and psychological safety
- Competitive compensation and equity package
- 401(k) with 6% company match
- Flexible paid time off: 14 paid holidays, including Thanksgiving and Winter break, and “Truffle Holidays” where the entire company takes a day off
- Medical, dental, and vision coverage: 80% Premium coverage for employees & their dependents
- Remote work stipend: $800 new hire stipend, and $100/monthly thereafter. We want you to be comfortable working remotely
- Health & wellness stipend: $1,200/year. Maintaining your physical, mental, and emotional well-being is foundational to doing your best work
- Learning & development stipend: $2,000/year. Adopting a growth-mindset allows you to grow professionally and personally
- Company off-sites! We’re 100% remote with no office, but won’t let that stop us from working closely together. Past destinations have included Hawaii, Cabo, Chicago, Savannah, and the Rocky Mountains