Senior Security Engineer, Agentic AI

Who We Are

Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and the public understanding of the technology underlying our world.

Cybersecurity Preparedness

Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our client’s capabilities are at the forefront of what’s available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers.

Democratizing Security Information

Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they’ll understand why a company like ours is so unique and valuable.

Role

Trail of Bits seeks a Senior Security Engineer specializing in Application Security for Agentic AI systems, within our growing Software Assurance team. You will conduct comprehensive security assessments of large language model systems, examining software across the AI supply chain and application stack — such as LLM web applications, agentic coding tools, training data and inference pipelines, and guardrail mechanisms. Additionally, this role will be responsible for development, and operationalization of prompt injection techniques, for use in end-to-end application security reviews. You will identify and analyze novel attack vectors and vulnerabilities specific to AI and agentic environments, focusing on real-world failure modes, system integration issues, and unauthorized access vectors. This role allows you to apply application security experience and adversarial thinking to the latest agentic systems and business integrations.

Responsibilities

• Conduct comprehensive security assessments of large language model systems
• Develop and operationalize prompt injection techniques
• Identify and analyze novel attack vectors and vulnerabilities specific to AI and agentic environments
• Contribute to threat modeling, adoption risk frameworks for generative AI tooling, and delivering specialized training to clients on Agentic AI security concepts, including prompt injection, ML-specific attacks, and data pipelines