About us
TruffleHog is a popular open source tool used by security researchers all over the world to find leaky API keys and responsibly disclose them to affected companies. This provides income through bug bounty platforms like HackerOne to individuals that may otherwise have a hard time finding employment. This also prevents breaches from occurring, which can be very costly for companies to resolve.
When we founded Truffle Security Co. in February of 2021, we committed to continue to grow a community with security researchers around the world, and continue to provide free and open resources to support those that make the world more secure. We have a strong commitment to open source and to the community. We’re looking for help supporting our mission to prevent leaking credentials and build the best products for machine identity protection.
At Truffle, you’ll have the opportunity to join a fully remote, collaborative team contributing to meaningful advancements in cybersecurity.
About the role
As a Security Research Engineer, you will bridge the gap between cutting-edge security research and production-grade engineering. You will be responsible for building and maintaining the infrastructure that powers our research, with a focus on data pipelines and the delivery of novel, high-signal LLM-based tooling. This role is critical in helping our team scale its detection capabilities and turn theoretical security research into impactful features for both our internal teams, Open Source (OSS) users, and Enterprise (EE) customers.
What you'll be working on
- Research Data Pipeline Ownership: Take full ownership of the research data pipeline, ensuring that data is ingested, processed, and utilized efficiently to fuel our detection engines and research projects.
- Agentic Systems & Orchestration: Design and implement agentic workflows that leverage LLMs and other ML concepts for complex reasoning, multi-step tool-use, and autonomous security research tasks.
- Engineering Support for Research: Act as the engineering backbone for our security research efforts, translating complex research concepts into scalable, functional tools
- Collaborative Prototyping: Support the Principal Research Engineer in delivering high-priority projects, providing the engineering muscle needed to accelerate our research roadmap.
What we're looking for
- 3–5 Years of Software Engineering Experience: A strong foundation in general software engineering, with a track record of building reliable, maintainable systems.
- Data Pipeline Expertise: Proven experience running and optimizing data pipelines, ideally within the context of detection engineering or security analytics.
- Intermediate AWS Knowledge: Intermediate experience deploying and maintaining research-focused resources on AWS.
- Experience Building Production AI Tooling: Direct experience moving LLM-based projects from the PoC stage into a stable production environment.
- Security Literacy: Intermediate knowledge of application security and offensive security principles (understanding how attackers operate).
- Ownership & Ego-less Collaboration: You are comfortable owning entire projects from end-to-end but approach collaboration with a "no-ego" mindset.
- Reliability: You are known for being thorough and ensuring that your work is dependable and robust.
- Rapid Prototyping: An ability to build and iterate quickly, balancing speed with the thoroughness required for security-sensitive work.
- AI-First Mindset: A deep interest in AI/ML with a commitment to high-quality output.
Bonus points
- Presentation Skills: Experience or interest in presenting research findings or technical work to the broader security community.
- Secrets Experience: Prior experience working with secrets management, secret scanning, or related security disciplines.
- Open Source Contributor: A history of contributing to or maintaining open-source security tools.
Salary range: The target salary range for this position is between $140,500 - $190,000. This role may span multiple levels. Starting salary will vary based on job-related skills, knowledge, and experience. Leveling will be determined during the interview process. You may also be offered a bonus, stock options, and benefits. These salary ranges are subject to change, and we encourage candidates outside of this salary range to apply.
How we support our team
- Fully remote within the U.S. – We believe opportunity shouldn’t be limited by geography. Our remote-first approach lets us hire the best people across the United States and empowers them to do their best work from wherever they are.
- A culture of mentorship, equity, and psychological safety – We’re committed to fostering an environment where you can thrive, learn, and feel valued.
- Competitive salary & meaningful equity – Be rewarded for your contributions with a strong compensation package and a stake in our shared success.
- Flexible paid time off – We operate with a high level of autonomy and trust, giving you the flexibility to take time off as needed—no strict limits, just the expectation that you’re meeting your commitments and getting your work done.
- 14 paid holidays – Including Thanksgiving, Winter Break, and "Truffle Holidays" when the entire company takes a well-deserved day off together.
- Comprehensive health benefits – Medical, dental, and vision coverage with 80% of premiums covered for you and your dependents.
- Remote work stipend – Get set up for success with an $800 new hire stipend and $100/month to keep your workspace comfortable.
- Health & wellness stipend – $1,200/year to support your physical, mental, and emotional well-being— we believe that feeling good helps you do great work.
- Learning & development stipend – $2,000/year to invest in your growth, whether it’s courses, certifications, or industry conferences.
- 401(k) match – We match 100% of the first 6% of your contributions on every paycheck, helping you build financial security for the future.
- 100% remote + company off-sites – Twice a year, we come together in amazing locations like Hawaii, Cabo, and the Rocky Mountains to collaborate and connect.
We’re looking for folks who are interested in being part of the journey to make the internet more secure. The internet is for all, and we believe that diverse experiences and people from all walks of life can contribute to this mission. That said, if what we’re doing resonates with your values, we’d love to have you apply even if you don’t check all of the boxes or match the job description to a tee.
Truffle strives to promote an equitable, inclusive, and psychologically-safe workplace for all who are interested in working with us. All job applicants will be considered throughout the employment process without regard to race, color, ethnicity, religion, sex, sexual orientation, gender perception/identity, age, pregnancy or parental status, disability status, or any other basis prohibited by law. If you are an individual with disabilities and reasonable accommodation is needed throughout the interview process, or to perform essential job functions, please let your recruiter know.
Lastly, we ask that all applicants consider the opportunity to answer a few voluntary demographic questions on the job application. This helps us track the inclusivity of our recruiting initiatives. Answering these questions is entirely optional and your answers will not be shared with the hiring team and will not impact the hiring decision.
Note: Our organization participates in the US federal E-Verify program. We will provide the Social Security Administration, and if necessary, the Department of Homeland Security, with information from each new employee’s Form I-9 to confirm work authorization. We do not use this information to pre-screen job applicants.
