Trail of Bits company image
Trail of Bits
High-end cybersecurity consultancy with a real-world attacker mentality.
Remote
View Profile
Jobs//Remote//Internships//

Winternship 2021 - 2022

Sorry, this job was removed at 1:06 p.m. (EST) on Tuesday, November 9, 2021
View 51 Jobs
Find out who's hiring in Greater NYC Area.
See all Internships jobs in Greater NYC Area
View 51 Jobs
Easy Apply
By clicking Apply Now you agree to share your profile information with the hiring company.
Save job

About Trail of Bits

Trail of Bits helps secure the world’s most targeted organizations and products. We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.


As a cybersecurity research and consulting firm, we serve clients in the defense, tech, finance, and blockchain industries. We help with their most difficult security challenges by designing and building new technology, researching new techniques to advance the state of practice, and reviewing the security of the latest available technology products before they hit the market.


Our team consumes, produces, and presents research as a natural part of doing business. When we make new discoveries or developments, we strive to share our knowledge and release our tools as open-source. It’s a practice that’s earned us industry accolades and helped contribute to our double-digit bottom line growth.


Role

Trail of Bits offers unique remote, short-term internship opportunities called “Winternships” (Winter Internships). Winternships generally happen over your University’s winter break. You can get paid (~$2500) to work on a project that excites you and still spend time with your friends and family. Unlike other internships, our "Winternship" program is designed for people who are ready to start working on day 1. You will take skills that you have learned and apply them to short-term low-risk projects that Trail of Bits will actually use.


Collaboration and Mentorship

Trail of Bits takes advantage of the latest technology to get work done. Winternships will be organized and tracked through Slack, Google Meet, and Github. Projects will have a project inception, schedule, and debrief. You will work with our copywriter to publish an end-of-Winternship blog post that summarizes your work.

Requirements

  • You must be a student or recently a student
  • You must have at least 3 weeks of time available between December 6, 2021 and January 28, 2022 to dedicate to the project.
  • You should have the legal right to work in the United States now or by the time you graduate

Option 1: Propose a project

  • You decide your project. Projects must be short-term, achievable within the time Winternship, and focused on cybersecurity. Project materials must be released as open-source code under a permissive license (e.g., Apache2) and be hosted on the Trail of Bits Github organization after the project concludes.

Option 2: Apply directly to one of our featured projects using the links below

  • Solana BPF vulnerability research: Find bugs in Solana BPF virtual machine implementation: RBPF. Work on any topic of analyzing their instruction verifier, extending their fuzzing harness, better static analysis or auditing their virtual machine implementation. Apply here.
  • Manticore EVM extraction: Extract all EVM related parts out of Manticore and build a fresh SE tool to handle smart contracts. Simply cut out all the relevant parts and make a simpler tool easier to test, develop, install and use BUT only smart contract related. Apply here.
  • Dylint rules and development: Write Dylint lints. We have accumulated a list of security related lints we would like. Implementing any number of them would produce code that would be run during audits. Apply here.

Option 3: Work on one of the projects below

  • Fuzzing: Fuzz a given low level open source project with the goal of finding memory corruption bugs. (ideally, have a target idea you would like to work on)
  • Find Bugs in Rust: Learn finding bugs in Rust by developing static analysis rules in Dylint or Semgrep for finding buggy patterns in Substrate-based blockchains. We have many examples of those, so you can learn quirks of Substrate APIs and blockchains written with this technology.
  • MUI: Extend feature set of MUI, the GUI for Manticore, or extend MUI to operate on an additional platform such as IDA.
  • CPython API Misuse: Implement CodeQL rules, extend Clang Static Analyzer or implement other static analysis to find CPython API misuses. There are many ways to go wrong with CPython APIs and many are straightforward to identify like: 1) passing possibly NULL arguments to functions or macros that require non-null argument; 2) violating APIs execution order requirements; 3) failing to check return errors; or 4) reference counting errors. We have ideas or examples of some of those.
  • Go-Fuzz: Improve Go-fuzz, a Golang fuzzer. Help us improve its initial corpus, fix its obscure bugs, implement a corpus minimizer, work on new fuzzing strategies, improve its UX or maybe implement a leak detector? Choose 1-3 goals from this list.
  • Rust: Extending our fuzzing wrapper for Rust, test-fuzz, by adding cargo-fuzz as a fuzzing backend (in addition to AFL).

Company Perks

  • Winterns who perfom well and meet all expectations will be invited back for later roles or internships,
  • Before, during and after COVID-19, our workforce works flexibly. Many employees choose to work from home around the globe. As long as you deliver against your goals, we encourage you to harness your personal working style to let you work best.
  • We routinely highlight the amazing work our employees do via our blog, product offerings, and conference talks. We celebrate you!
  • We're at the forefront of a number of markets and have the internal expertise and the ambition to capitalize on those opportunities. Our employees see their work in use and valued by many others.

Dedication to diversity, equity, & inclusion

Trail of Bits is committed to creating and maintaining a diverse and inclusive workplace where our employees can thrive and be themselves! We welcome all persons into our community. We embrace the diversity of gender, gender identity or expression, race, color, religious creed, national origin, ancestry, age, physical and mental disabilities, medical condition, genetic characteristic, sexual orientation, marital status, family care or medical leave status, military or veteran status, or perceived membership in any of these groups.


Interested?

If you’re interested, submit your resume and a little bit about the project you’d like to work on.

See More
Easy Apply
By clicking Apply Now you agree to share your profile information with the hiring company.
Save job
By clicking Apply Now you agree to share your profile information with the hiring company.
Cara Pearson
Director of Professional Services
Developing rapport
Creating a pattern of personal connection
As part of a three-women team, Pearson prioritizes personal connection in order to develop a positive culture from the ground up. As the company grows, she says keeping connectivity front and center through virtual events, one-on-one coffee meetings, and chats will be that much more important.
As part of a three-women team, Pearson prioritizes personal connection in order to develop a positive culture from the ground up. As the company grows, she says keeping connectivity front and center through virtual events, one-on-one coffee meetings, and chats will be that much more important.
I think it is nice to recharge by having a non-work-related conversation every now and then to check in on how people are doing and what I can do to help keep personal connection and engagement at the forefront of a remote work environment.
Cara Pearson
Director of Professional Services
Suha Hussain
Security Engineering Intern
Diving right in
Becoming a subject-matter expert
As a security engineering intern, Hussain primarily spends her time between classes and a part-time job digging into PrivacyRaven, a Python library for testing deep learning systems. While she enjoys that work, she appreciates not being pigeonholed into a certain facet of the business. Since she’s been with the company, she’s been able to test different program analysis tools and shadow multiple security audits.
As a security engineering intern, Hussain primarily spends her time between classes and a part-time job digging into PrivacyRaven, a Python library for testing deep learning systems. While she enjoys that work, she appreciates not being pigeonholed into a certain facet of the business. Since she’s been with the company, she’s been able to test different program analysis tools and shadow multiple security audits.
Trail of Bits’ formal modeling reading group inspired many breakthroughs in one of my cryptography research projects.
Suha Hussain
Security Engineering Intern

What are Trail of Bits Perks + Benefits

Trail of Bits Benefits Overview

Empowered Living
From the moment you start, our holistic approach takes care of you and your family with fully company-covered insurance packages — health, dental, vision, disability, and life. We complement this with a solid 401(k) match of 5% of your base salary to build your future financial health. Plus, to maintain a healthy work-life balance, you're entitled to 4 weeks (20 days) of paid vacation (unless otherwise mandated by jurisdictional regulations), with the flexibility to add more.

Nurturing New Beginnings
Embracing life's milestones is part of our ethos. As you welcome new family members, our 4 months of parental leave ensures you're fully present in those precious early moments. And if relocating to the vibrant heart of New York City is part of your journey, we make the move smoother with a $5,000 relocation assistance.

Work & Life Enrichment
We recognize that a fulfilling career transcends the confines of the office. That's why we offer an initial $1,000 Working-from-Home (WFH) stipend to set up your ideal home office, ensuring productivity and comfort in your workspace. Our commitment to your continuous learning and development comes with a yearly $750 L&D stipend, encouraging you to grow your skills and knowledge. To foster our united spirit, we bring everyone together for an all-company celebration, with all travel and accommodation provided, to recognize our shared successes and strengthen our community bonds.

Community Impact
Integral to our culture is a dedication to exerting a positive influence beyond our workplace, where we annually match your philanthropic contributions up to $2,000. Our commitment also extends to environmental responsibility, where employees can participate in Project Wren, a subscription service that offsets their carbon footprint through climate change initiatives.

Culture
Volunteer in local community
Open door policy
OKR operational model
Team based strategic planning
Flexible work schedule
We maintain a flexible work schedule that cares more about results than time in the office.
Remote work program
Diversity
Mandated unconscious bias training
We work with LifeLabs once per year to deliver an unconscious bias and behaviors of inclusion training to our employees.
Hiring practices that promote diversity
Inclusive language in job postings, prioritize under-represented groups in our hiring pipeline, work with specialized recruiters, avoid whiteboard coding during interviews.
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Trail of Bits employees can contribute up to $2750 annually to their FSA.
Disability insurance
Short-term Disability insurance covers 60% of weekly salary up to $1,000 weekly maximum payout. Long-term Disability insurance covers 60% of monthly salary up to $5,000 monthly maximum payout.
Dental insurance
Choose between premium MetLife or Aetna PPO+ dental plans, at no cost to the employee.
Vision insurance
Choose between premium MetLife or Aetna Vision+ plans, at no cost to the employee.
Health insurance
Trail of Bits health insurance policy covers up to 100% of out of pocket expenses. All health insurance plans include access to HealthAdvocate, OneMedical on-demand primary care, and Teladoc.
Life insurance
All full time employees receive $50,000 in Life Insurance and $50,000 in AD&D Insurance at no cost to the employee
Wellness programs
Full time employees in qualifying locations have access to fitness club discounts, a gym membership stipend, ClassPass, and bike share membership.
Mental health benefits
Transgender health care benefits
Financial & Retirement
401(K)
401(K) matching
Trail of Bits provides employees with a 401(k) matching plan managed by Betterment. We match 5% of employee's annual gross pay.
Performance bonus
Charitable contribution matching
Trail of Bits will match $2000 of charitable donations per year.
Pay transparency
Child Care & Parental Leave Benefits
Generous parental leave
Family medical leave
Return-to-work program post parental leave
Vacation & Time Off Benefits
Generous PTO
Trail of Bits employees receive 20 days per year of paid time off.
Paid volunteer time
Paid holidays
Paid sick days
Office Perks
Commuter benefits
Company-sponsored outings
Relocation assistance
Fitness stipend
Home-office stipend for remote employees
Professional Development Benefits
Job training & conferences
Tuition reimbursement
Lunch and learns
We regularly host team reviews of new academic research publications.
Promote from within
Mentorship program
Continuing education stipend
Continuing education available during work hours
Learning is a continuous activity at Trail of Bits, and employees are bonused for completing online classes, frequently collaborate in study groups, and meet to discuss recent academic papers.
Online course subscriptions available
Customized development tracks
Paid industry certifications
View full list of perks + benefits
Photo Gallery

More Jobs at Trail of Bits

Easy Apply
By clicking Apply Now you agree to share your profile information with the hiring company.
Save job
By clicking Apply Now you agree to share your profile information with the hiring company.
Learn more about Trail of BitsFind similar jobs like this