Principal Security Engineer, Research & Engineering

Role

The Principal Security Engineer serves as a cultural, business, and technical leader within Trail of Bits' Research & Engineering practice. Principal Engineers set technical vision, drive new business growth, lead projects, manage people, and champion the company's publications and marketing efforts.

You will leverage your experience and professional network to turn your ideas into meaningful research and engineering efforts that impact our digital world. You will mentor and inspire other engineers who share your vision, helping them build their networks and skillsets. You will be an ambassador to the company using our blog and speaking at conferences as your primary medium.

Principal Engineers identify team organization and operational problems, spot knowledge gaps across the team, and take steps to help the team fill them. You’ll work closely with Staff Engineers on technical roadmaps, collaborate with Directors on resourcing, and support the proposal process through SoW writing and scoping.

Software development will primarily involve Rust, C++, and Python, with occasional work in Go and Java. You will lead and participate in teams of 2–4 people across remote locations. Frequent communication with team members, clients, and industry partners is essential to success.

What You'll Achieve Technical & Strategic Leadership : Set the technical vision for your area of expertise. Design and guide the execution of complex security research and engineering efforts that advance Trail of Bits' capabilities. Business Development : Engage with potential clients and drive the sales process independently. Leverage your professional network to find external funding for new research and engineering initiatives. Support the proposal process through SoW writing and scoping. People Leadership & Mentorship : Mentor 3–4 Senior Engineers, helping them build their professional networks and skillsets. Introduce mentees to your network and find opportunities for their growth. Project Leadership : Lead projects end-to-end within and beyond your core expertise. Deconstruct high-level objectives into actionable milestones, allocate work across team members, and ensure delivery. Publications & Industry Presence : Lead the company's publications and marketing efforts in your domain. Represent Trail of Bits at speaking events, panel discussions, and conferences. Author blog posts, whitepapers, and academic publications. Organizational Improvement : Identify team organization and operational problems. Spot knowledge gaps across the team and take concrete steps to help the team fill them. Security Tool Development : Architect and oversee the development of security-focused software tools and frameworks. Contribute hands‑on when needed, particularly on novel or high‑stakes problems. Cross-Practice Collaboration : Work closely with other practices to understand their challenges and needs. Turn these into collaborative efforts to build useful tooling and advance shared goals. AI/ML Security : Guide the team's approach to AI/ML security research and tooling. Identify emerging risks and opportunities in the AI/ML security landscape. What You'll Bring Extensive software development and security engineering experience, with deep expertise in Rust, C++, and/or Python. A well‑established professional network in the security industry, government, or adjacent technical communities. Demonstrated track record of leading security projects end-to-end, from scoping and proposal through delivery. Experience engaging with clients and participating in the sales or business development process. Proven ability to mentor and develop senior‑level engineers, helping them grow their careers and professional networks. Experience setting technical vision and strategy for a team or practice area. Strong knowledge of AI/ML systems and associated security challenges. Public speaking experience at conferences, panels, or industry events. Published work demonstrating thought leadership in security through blog posts, whitepapers, academic papers, or open‑source tools. Excellent written and verbal communication skills, with the ability to communicate effectively with technical teams, clients, and executive leadership. Experience writing SoWs, scoping proposals, and supporting the business development lifecycle. Ability to identify organizational and operational problems and drive solutions. Preferred Qualifications Experience building and maintaining a revenue‑generating practice area or service line. Track record of securing external funding (government contracts, grants, or sponsored research). Deep understanding of low‑level systems, including memory management, operating system internals, compiler technology, or binary analysis. Experience designing IRAD portfolios or technical roadmaps for a research organization. Contributions to major open‑source security tools or frameworks. Experience managing direct reports (1–4) and providing career development guidanc