
Senior Security Engineer
### Role summary
Trail of Bits is seeking a Senior Security Engineer specializing in Application Security for Agentic AI systems. This role involves conducting comprehensive security assessments of LLM systems, including agentic AI pipelines, tools, and frameworks. Responsibilities include identifying and analyzing novel attack vectors, developing prompt injection techniques, performing threat modeling, and contributing to AI policy and compliance initiatives. The ideal candidate possesses expertise in AI/ML architectures, application security, prompt injection, and programming languages like Rust or Python, coupled with a creative, adversarial mindset. This is a remote, full-time position.
### Who you are
- AI Security Expertise: Demonstrated interest and experience in agentic AI security, with a proven ability to identify and mitigate AI-specific vulnerabilities across complex systems, including hands-on experience with prompt injection attacks and defenses
- Technical AI Knowledge: Deep understanding of AI/ML architectures, frameworks (PyTorch, Jax, LangChain, RAG systems, etc.), and MLOps practices, combined with robust security engineering expertise
- Application Security Skills: Track record of conducting technical security assessments of software, including software and system hardening, security policy analysis, and implementing effective security measures
- Prompt Injection Proficiency: Practical experience designing and executing prompt injection workflows against production LLM systems, agentic pipelines, and tool-use environments, including familiarity with emerging taxonomies and mitigation approaches
- Programming Proficiency: Strong knowledge of multiple programming languages such as Rust, Golang, Kotlin, Swift, Objective-C, JavaScript/TypeScript, Python, Ruby, C and/or C++ for both security analysis and tool development
- Hacker Mindset: A creative and adversarial mindset, with a passion for discovering novel attack vectors and understanding how systems work across many layers of abstraction
- Communication Skills: Ability to effectively communicate complex security concepts to diverse stakeholders and deliver clear, actionable recommendations
### What the job involves
- Trail of Bits seeks a Senior Security Engineer specializing in Application Security for Agentic AI systems, within our growing Software Assurance team
- You will conduct comprehensive security assessments of large language model systems, examining software across the AI supply chain and application stack — such as LLM web applications, agentic coding tools, training data and inference pipelines, and guardrail mechanisms
- Additionally, this role will be responsible for the development and operationalization of prompt injection techniques for use in end-to-end application security reviews
- You will identify and analyze novel attack vectors and vulnerabilities specific to AI and agentic environments, focusing on real-world failure modes, system integration issues, and unauthorized access vectors
- This role allows you to apply application security experience and adversarial thinking to the latest agentic systems and business integrations
- In addition to performing technical assessments, you will contribute to threat modeling, adoption risk frameworks for generative AI tooling, and delivering specialized training to clients on Agentic AI security concepts, including prompt injection, ML-specific attacks, and data pipeline threats
- Agentic AI Security Assessments: Conduct comprehensive application security assessments of agentic AI pipelines, tools, and frameworks for leading companies and labs. Examine vulnerabilities in model architectures, guardrails, and deployment infrastructure while developing mitigation strategies
- Prompt Injection Research & Development: Develop and share novel prompt injection techniques targeting agentic workflows, including indirect injection via tool outputs, multi-turn manipulation, and cross-agent exploitation. Produce actionable attack libraries and defensive countermeasures for client engagements
- Application Security Assessment: Conduct security assessments of client code bases using a combination of static analysis, dynamic testing, and manual code review, identifying vulnerabilities and developing mitigation strategies, with a focus on findings at the intersection of application security and Agentic AI security
- Threat Modeling: Conduct threat modeling and risk assessments to proactively identify potential risks for clients and develop mitigation strategies for future prevention, with particular attention to prompt injection attack surfaces in agentic orchestration layers
- Client Engagement: Work with leading industry teams to review system code and architecture, and help assure their products through system analysis and modeling
- AI Policy & Compliance Initiatives: Develop and contribute to AI regulatory frameworks, establishing assurance methods and auditing processes for mission-critical AI applications while ensuring alignment with emerging industry standards and safety requirements
### Benefits
- Health Insurance with no monthly premiums
- Vision, Dental, Life & Disability Insurance
- Access to Kindbody for gynecology and fertility care
- Access to HealthAdvocate, Teladoc & OneMedical
- 401k with 5% company matching
- Competitive salaries
- Ongoing bonus opportunities
- ConnectYourCare Flex Spending Account (FSA)
- Commuter Benefits
- Fitness stipends
- Four weeks of PTO
- Fifteen company holidays
- 4 months paid parental leave
- End-of-year performance bonus
- Continuing education, public presentations and blog posts
- Recruiting & referrals
- Conferences & off-sites
- Company & team outings
- Virtual events
- Continuing education
- Training sessions & learning courses
- Internal research & development Projects
- Charitable donation matching
- Relocation assistance
- 1Password subscription
- Work from home stipend
- Remote work friendly