Manager, Security Research

About the role

This is a research leadership role at the core of Truffle’s mission to eliminate credential leakage and secure non-human identities. Reporting directly to the CEO, you will lead and scale a small, high-impact research team while defining how modern secret scanning actually works in practice. You’ll uncover novel attack surfaces, model real attacker behavior, and turn those insights into product capabilities that materially improve how organizations detect and remediate credential exposure. This is a role for someone who wants their research to shape both the product and the category.

What you'll be working on

• Owning and driving the research roadmap, focusing on the highest-impact problems in leaked credentials, secrets exposure, and non-human identity security.
• Leading a team of experienced researchers, setting direction, assigning ownership of critical initiatives aligned to the roadmap, and ensuring research output consistently translates into product and company impact.
• Identifying and validating novel leak surfaces across code, SaaS tools, logs, datasets, and emerging ecosystems (including AI/LLMs).
• Designing and running large-scale scans and experiments to uncover real-world exposures, validate impact, and understand attacker behavior.
• Developing verification systems at scale to distinguish real, exploitable secrets from noise—improving precision without sacrificing coverage.
• Publishing high-quality technical research (blogs, reports, disclosures) and representing Truffle externally through talks, conferences, and community engagement.
• Acting as a bridge between research and product, ensuring insights turn into shipped capabilities and roadmap decisions.
• Collaborating cross-functionally with marketing, sales, and developer relations to turn research into clear, compelling narratives for customers and the broader security community.

What we're looking for

• Proven experience leading and growing a research team, with strong ownership over direction and outcomes.
• Strong product instincts: you know the difference between interesting research and work that actually improves customer outcomes.
• Deep expertise in secret scanning, including detection techniques (regex, entropy, ML-assisted), and especially verification at scale.
• Track record of discovering non-obvious, high-impact vulnerabilities or leak surfaces and validating their real-world exploitability.
• Experience turning research into shipped product improvements, not just standalone findings.
• Strong attacker mindset—you think in terms of how systems break, not just how they’re designed.
• Ability to work with messy, high-volume data (credentials, tokens, secrets) and turn it into clear insights and system improvements.
• Experience building or working on security scanners, detection systems, or large-scale data pipelines.
• Experience defining metrics, benchmarks, and evaluation frameworks for detection quality (precision, recall, verification accuracy).
• Strong technical communication skills, with experience publishing research or speaking publicly.
• Experience working cross-functionally with product, engineering, and go-to-market teams.
• Familiarity with non-human identity systems (API keys, service accounts, OAuth tokens).

Bonus points!

• Background in offensive security, bug bounty, or vulnerability research
• Experience contributing to or maintaining open-source security tools
• Interest in emerging attack surfaces in AI/LLM ecosystems
• Existing presence in the security community through research, talks, or content

Salary Range: The target base salary range for this position is between $225,000 to $260,000 for candidates in the United States. Starting salary will vary based on job-related skills, knowledge, and experience. Leveling will be determined during the interview process. You may also be offered a bonus, stock options, and benefits. These salary ranges are subject to change, and we encourage candidates outside of this salary range to apply.