Apply on Employer Site

Truffle Security Co. · 7 hours ago

Security Researcher

United States

Full-time

Remote

Mid Level

$142K/yr - $166K/yr

3+ years exp

Truffle Security is a company dedicated to enhancing cybersecurity through open-source tools and community engagement. The Security Researcher will lead open-source security research projects, create content to share findings, and present at industry events to promote security awareness.

Cyber SecurityInformation TechnologyNetwork SecuritySoftware

No H1B

Responsibilities

Conduct cutting-edge open-source security research in areas broadly related to secrets (application security, cloud security, DevSecOps, etc.)

Create engaging content to showcase research findings, including blog posts, technical documentation, videos, and whitepapers

Present at conferences and industry events to share your discoveries, represent Truffle Security, and build community interest/trust

Contribute to open source by sharing research-driven improvements or small proof-of-concept tools to Truffle’s projects

Collaborate with engineering to share insights and help track down the occasional bug

Maintain a positive, respectful, and ethical attitude in all external and internal interactions. There's no room for egos or “gotchas” when dealing with security research

Qualification

Application SecurityCloud SecurityDevSecOpsData AnalyticsSecurity ResearchPythonGolangTechnical WritingEthical StandardsCollaborationAttention to Detail

Required

3+ years of experience in application security, or another category: Cloud Security, DevSecOps, Data Analytics, Blue Team, ....Something else? Surprise us!

Background in security research – Ideally, you have experience investigating security issues (through professional roles, side projects, or open-source contributions)

Public-facing research – Ideally, you've shared findings externally (blog posts, talks, etc.), or you're excited to build that muscle here

Excellent technical writing skills that demonstrate clarity, depth, and accuracy

Intermediate programming skills – your code doesn't need to be production-ready, but you should be comfortable prototyping and building proof-of-concept tools

Familiarity with LLM tools and how to effectively incorporate them into research and programming workflows

Strong collaboration abilities – You're equally good at respectfully asking for help and humbly providing it

Ability to juggle multiple long-term research projects – We often run 5 or 6 projects simultaneously without compromising quality or timelines

High ethical standards and integrity – We find many security vulnerabilities in our research, and it takes maturity to handle interactions with the organizations we disclose to

Attention to Detail – There are many moving parts during research projects, and this role requires patience and extreme attention to detail