Security Researcher @ Truffle Security

About us

TruffleHog is a popular open source tool used by security researchers all over the world to find leaky API keys and responsibly disclose them to affected companies. This provides income through bug bounty platforms like HackerOne to individuals that may otherwise have a hard time finding employment. This also prevents breaches from occurring, which can be very costly for companies to resolve.

When we founded Truffle Security Co. in February of 2021, we committed to continue to grow a community with security researchers around the world, and continue to provide free and open resources to support those that make the world more secure. We have a strong commitment to open source and to the community. We’re looking for help supporting our mission to prevent leaking credentials and build the best products for machine identity protection.

At Truffle, you’ll have the opportunity to join a fully remote, collaborative team contributing to meaningful advancements in cybersecurity.

About the role

In this highly visible, community-focused position, you will spearhead open-source security research projects and share your findings with the broader security community via blog posts, videos, webinars, conference talks, and open-source code contributions. By highlighting real-world security vulnerabilities, you’ll help amplify the Truffle Security brand and inspire organizations to better secure themselves.

Below are blog posts to give you a sense for our style of research:

Working closely with our Security Research team lead, you'll have the opportunity to select and run research projects that align with industry trends, emerging threats, product features, and company goals. Your expertise in application security and one other information security domain will drive the creation of engaging, credible content that resonates with both technical and non-technical audiences.

Note: While the role is primarily geared toward candidates in the U.S. to align with conference schedules and time zone collaboration, we’re open to applicants based in Canada and Europe who bring strong relevant experience and can maintain sufficient working hour overlap with our U.S.-based team.

What you'll be working on

Conduct cutting-edge open-source security research in areas broadly related to secrets (application security, cloud security, DevSecOps, etc.).
Create engaging content to showcase research findings, including blog posts, technical documentation, videos, and whitepapers.
Present at conferences and industry events to share your discoveries, represent Truffle Security, and build community interest/trust.
Contribute to open source by sharing research-driven improvements or small proof-of-concept tools to Truffle’s projects.
Collaborate with engineering to share insights and help track down the occasional bug.
Maintain a positive, respectful, and ethical attitude in all external and internal interactions. There's no room for egos or “gotchas” when dealing with security research.

What we're looking for

3+ years of experience in application security, or another category:
- Cloud Security
- DevSecOps
- Data Analytics
- Blue Team
- ....Something else? Surprise us!
Background in security research – Ideally, you have experience investigating security issues (through professional roles, side projects, or open-source contributions)
Public-facing research – Ideally, you’ve shared findings externally (blog posts, talks, etc.), or you’re excited to build that muscle here
Excellent technical writing skills that demonstrate clarity, depth, and accuracy
Intermediate programming skills – your code doesn’t need to be production-ready, but you should be comfortable prototyping and building proof-of-concept tools
- We work primarily in Python and Golang
Familiarity with LLM tools and how to effectively incorporate them into research and programming workflows
Strong collaboration abilities – You’re equally good at respectfully asking for help and humbly providing it
Ability to juggle multiple long-term research projects – We often run 5 or 6 projects simultaneously without compromising quality or timelines
High ethical standards and integrity – We find many security vulnerabilities in our research, and it takes maturity to handle interactions with the organizations we disclose to
Attention to Detail – There are many moving parts during research projects, and this role requires patience and extreme attention to detail

Salary range: The target salary range for this position is between $141,500 - $166,400. Starting salary will vary based on job-related skills, knowledge, and experience. Leveling will be determined during the interview process. You may also be offered a bonus, stock options, and benefits. These salary ranges are subject to change, and we encourage candidates outside of this salary range to apply.

How we support our team

Fully remote within the U.S. – We believe opportunity shouldn’t be limited by geography. Our remote-first approach lets us hire the best people across the United States and empowers them to do their best work from wherever they are.
A culture of mentorship, equity, and psychological safety – We’re committed to fostering an environment where you can thrive, learn, and feel valued.
Competitive salary & meaningful equity – Be rewarded for your contributions with a strong compensation package and a stake in our shared success.
Flexible paid time off – We operate with a high level of autonomy and trust, giving you the flexibility to take time off as needed—no strict limits, just the expectation that you’re meeting your commitments and getting your work done.
14 paid holidays – Including Thanksgiving, Winter Break, and "Truffle Holidays" when the entire company takes a well-deserved day off together.
Comprehensive health benefits – Medical, dental, and vision coverage with 80% of premiums covered for you and your dependents.
Remote work stipend – Get set up for success with an $800 new hire stipend and $100/month to keep your workspace comfortable.
Health & wellness stipend – $1,200/year to support your physical, mental, and emotional well-being— we believe that feeling good helps you do great work.
Learning & development stipend – $2,000/year to invest in your growth, whether it’s courses, certifications, or industry conferences.
401(k) match – We match 100% of the first 6% of your contributions on every paycheck, helping you build financial security for the future.
100% remote + company off-sites – Twice a year, we come together in amazing locations like Hawaii, Cabo, and the Rocky Mountains to collaborate and connect.

We’re looking for folks who are interested in being part of the journey to make the internet more secure. The internet is for all, and we believe that diverse experiences and people from all walks of life can contribute to this mission. That said, if what we’re doing resonates with your values, we’d love to have you apply even if you don’t check all of the boxes or match the job description to a tee.

Truffle strives to promote an equitable, inclusive, and psychologically-safe workplace for all who are interested in working with us. All job applicants will be considered throughout the employment process without regard to race, color, ethnicity, religion, sex, sexual orientation, gender perception/identity, age, pregnancy or parental status, disability status, or any other basis prohibited by law. If you are an individual with disabilities and reasonable accommodation is needed throughout the interview process, or to perform essential job functions, please let your recruiter know.

Lastly, we ask that all applicants consider the opportunity to answer a few voluntary demographic questions on the job application. This helps us track the inclusivity of our recruiting initiatives. Answering these questions is entirely optional and your answers will not be shared with the hiring team and will not impact the hiring decision.

Note: Our organization participates in the US federal E-Verify program. We will provide the Social Security Administration, and if necessary, the Department of Homeland Security, with information from each new employee’s Form I-9 to confirm work authorization. We do not use this information to pre-screen job applicants.

Security Researcher

Truffle Security

Compensation Overview

Simplify's Take

What believers are saying

What critics are saying

What makes Truffle Security unique

Benefits

Growth & Insights and Company News

6 month growth

1 year growth

2 year growth