About us

TruffleHog is a popular open source tool used by security researchers all over the world to find leaky API keys and responsibly disclose them to affected companies. This provides income through bug bounty platforms like HackerOne to individuals that may otherwise have a hard time finding employment. This also prevents breaches from occurring, which can be very costly for companies to resolve.

When we founded Truffle Security Co. in February of 2021, we committed to continue to grow a community with security researchers around the world, and continue to provide free and open resources to support those that make the world more secure. We have a strong commitment to open source and to the community. We’re looking for help supporting our mission to prevent leaking credentials and build the best products for machine identity protection.

At Truffle, you’ll have the opportunity to join a fully remote, collaborative team contributing to meaningful advancements in cybersecurity.

About the role

Truffle Security is looking for a Senior Developer Advocate with a background in application security to help developers and security teams unlock the full power of TruffleHog. In this role, you’ll act as the bridge between our open-source community and TruffleHog—amplifying user voices, creating educational content, and driving adoption across both individual users and enterprise teams.

You’ll collaborate closely with our research, engineering, product, and marketing teams to improve the developer experience, showcase practical integrations, and turn community feedback into actionable product insights. If you love turning complex technical ideas into accessible learning experiences and want to champion one of the most popular open-source tools in the security space, we’d love to meet you.

What youll be working on

Drive Awareness – Create engaging content—blog posts, videos, tutorials, and demos—that show developers and security engineers how to integrate TruffleHog into their workflows (i.e. CI/CD pipelines, enterprise security processes, etc.).
Educate and Inspire – Lead hands-on workshops, webinars, and community sessions that teach secrets management best practices and showcase TruffleHog’s capabilities. Youll break down complex security topics into clear, actionable guidance for both developers and security engineers—helping them feel confident integrating TruffleHog into everything from CI/CD pipelines to enterprise workflows.
Community Engagement – Participate in GitHub issues, Slack/Discord, Stack Overflow, and other forums. Answer questions, gather feedback, and serve as a friendly, helpful face of Truffle Security. You’ll also drive the improvement of our open-source developer documentation since this is the primary engagement point for our community.
Collaborate Internally – Partner with engineering and product to relay community feedback that improves both our open-source and enterprise offerings. While not necessarily writing code, you’ll contribute by suggesting improvements, crafting clear issue reports, and scoping potential PRs to enhance the developer experience.
Conference Advocacy – Represent Truffle Security at conferences, meetups, and security events through talks and demos focused on secret scanning and DevSecOps best practices. You’ll deliver lightning talks and presentations that highlight secret scanning, DevSecOps practices, and TruffleHog’s open-source journey—helping raise awareness across the broader tech and security communities. The ideal candidate is comfortable speaking to both developers and security engineers, and can communicate complex technical value in a way that’s engaging, accessible, and inspiring

What were looking for

Security Expertise: 5+ years of experience within application security, with a strong grasp of AppSec core concepts (OWASP Top 10, OWASP Top 10 API, core CI/CD security risks, vulnerability disclosure, secret management, etc. )
Technical Fluency: 2+ years of hands-on coding experience in DevOps, software engineering, or related fields.

Must be confident in reading, writing, and explaining code.
Able to build example integrations, explain implementation details, troubleshoot issues, and guide users with technical precision.

Clear Communicator & Teacher:

Experience creating technical content (e.g., blog posts, demos, workshops) or delivering presentations.
Skilled at breaking down complex security and development topics into accurate, engaging, and accessible insights for both developers and security practitioners.
Communicates with empathy and humility. We value low-ego teammates who listen actively, teach generously, and make others feel confident in learning and collaborating.

Community-Oriented & Collaborative:

Proven experience engaging with developer, DevOps, or security communities—whether through forums, social platforms, or events
Comfortable collaborating across engineering, security, product, and marketing teams in a fast-paced, cross-functional environment.
Empathetic, humble, and eager to help others succeed!

Bonus points

Knowledge of open-source software
Previous experience in a startup or high-growth SaaS company
Experience with UX design.

Salary range: The target salary range for this position is between $140,000 - $165,000. Starting salary will vary based on job-related skills, knowledge, and experience. Leveling will be determined during the interview process. You may also be offered a bonus, stock options, and benefits. These salary ranges are subject to change, and we encourage candidates outside of this salary range to apply.

How we support our team

A culture of mentorship, equity, and psychological safety – We’re committed to fostering an environment where you can thrive, learn, and feel valued.
Competitive salary & meaningful equity – Be rewarded for your contributions with a strong compensation package and a stake in our shared success.
Flexible paid time off – We operate with a high level of autonomy and trust, giving you the flexibility to take time off as needed—no strict limits, just the expectation that you’re meeting your commitments and getting your work done.
14 paid holidays – Including Thanksgiving, Winter Break, and Truffle Holidays when the entire company takes a well-deserved day off together.
Comprehensive health benefits – Medical, dental, and vision coverage with 80% of premiums covered for you and your dependents.
Remote work stipend – Get set up for success with an $800 new hire stipend and $100/month to keep your workspace comfortable.
Health & wellness stipend – $1,200/year to support your physical, mental, and emotional well-being— we believe that feeling good helps you do great work.
Learning & development stipend – $2,000/year to invest in your growth, whether it’s courses, certifications, or industry conferences.
401(k) match – We match 100% of the first 6% of your contributions on every paycheck, helping you build financial security for the future.
100% remote + company off-sites – Twice a year, we come together in amazing locations like Hawaii, Cabo, and the Rocky Mountains to collaborate and connect.

We’re looking for folks who are interested in being part of the journey to make the internet more secure. The internet is for all, and we believe that diverse experiences and people from all walks of life can contribute to this mission. That said, if what we’re doing resonates with your values, we’d love to have you apply even if you don’t check all of the boxes or match the job description to a tee.

Truffle strives to promote an equitable, inclusive, and psychologically-safe workplace for all who are interested in working with us. All job applicants will be considered throughout the employment process without regard to race, color, ethnicity, religion, sex, sexual orientation, gender perception/identity, age, pregnancy or parental status, disability status, or any other basis prohibited by law. If you are an individual with disabilities and reasonable accommodation is needed throughout the interview process, or to perform essential job functions, please let your recruiter know.

Lastly, we ask that all applicants consider the opportunity to answer a few voluntary demographic questions on the job application. This helps us track the inclusivity of our recruiting initiatives. Answering these questions is entirely optional and your answers will not be shared with the hiring team and will not impact the hiring decision.

Note: Our organization participates in the US federal E-Verify program. We will provide the Social Security Administration, and if necessary, the Department of Homeland Security, with information from each new employee’s Form I-9 to confirm work authorization. We do not use this information to pre-screen job applicants.