Senior Security Researcher

Summary

Join Truffle Security Co., a fully remote team, as a Security Researcher to spearhead open-source security research projects. You will share your findings through various media, including blog posts, videos, and conference talks. This highly visible role involves collaborating with the Security Research team lead to select and execute projects aligned with industry trends and company goals. You will create engaging content, present at conferences, build proof-of-concept tools, and contribute to Truffle Security's open-source tools. The ideal candidate possesses a proven background in security research, excellent technical writing skills, public speaking experience, and intermediate programming skills. This position offers a competitive salary, comprehensive benefits, and a flexible work environment.

Requirements

• Proven background in security research - Ideally, you have written/presented about security vulnerabilities in the past and can share some of these with us
• Expertise in application security , plus experience in at least one other category: Cloud Security
• DevSecOps
• Data Analytics
• Blue Team
• Excellent technical writing skills that demonstrate clarity, depth, and accuracy
• History of public speaking on security topics, with the ability to engage and educate technical and non-technical audiences
• Intermediate programming skills - your code doesn’t need to be production-ready, but you should be highly comfortable prototyping and building proof-of-concept tools. We work primarily in Python and Golang
• Familiarity with LLM tools and how to effectively incorporate them into research and programming workflows
• Strong collaboration abilities - You’re equally good at respectfully asking for help and humbly providing it
• Ability to juggle multiple long-term research projects - We often run 5 or 6 projects simultaneously without compromising quality or timelines
• High ethical standards and integrity - We find many security vulnerabilities in our research, and it takes maturity to handle interactions with the organizations we disclose to
• Attention to Detail - There are many moving parts during research projects, and this role requires patience and extreme attention to detail

Responsibilities

• Conduct cutting-edge open-source security research in areas broadly related to secrets (application security, cloud security, DevSecOps, etc.)
• Create engaging content to showcase research findings, including blog posts, technical documentation, videos, and whitepapers
• Present at conferences and industry events to share your discoveries, represent Truffle Security, and build community interest/trust
• Build Proof-of-Concept tools to assist with research and then share them internally with engineering
• Contribute to Truffle Security’s Open-Source Tools when research drives new improvements to TruffleHog or requires a new tool altogether
• Serve as a security subject matter expert for engineering by helping track down the occasional security bug, providing insight on a new product/feature, and knowledge sharing
• Maintain a positive, respectful, and ethical attitude in all external and internal interactions. There's no room for egos or “gotchas” when dealing with security research

Preferred Qualifications

...Something else? Surprise us!

Benefits

• Competitive salary & meaningful equity – Be rewarded for your contributions with a strong compensation package and a stake in our shared success
• Flexible paid time off – We operate with a high level of autonomy and trust, giving you the flexibility to take time off as needed—no strict limits, just the expectation that you’re meeting your commitments and getting your work done
• 14 paid holidays – Including Thanksgiving, Winter Break, and “Truffle Holidays” when the entire company takes a well-deserved day off together
• Comprehensive health benefits – Medical, dental, and vision coverage with 80% of premiums covered for you and your dependents
• Remote work stipend – Get set up for success with an $800 new hire stipend and $100/month to keep your workspace comfortable
• Health & wellness stipend – $1,200/year to support your physical, mental, and emotional well-being— we believe that feeling good helps you do great work
• Learning & development stipend – $2,000/year to invest in your growth, whether it’s courses, certifications, or industry conferences
• 401(k) match – We match 100% of the first 6% of your contributions on every paycheck, helping you build financial security for the future
• 100% remote + company off-sites – Twice a year, we come together in amazing locations like Hawaii, Cabo, and the Rocky Mountains to collaborate and connect
• A culture of mentorship, equity, and psychological safety – We’re committed to fostering an environment where you can thrive, learn, and feel valued