Truffle Security Co.

We founded Truffle Security Co. in 2019 to build open-source security software in the computer and network security industry. We help secure sensitive data by automatically detecting and remediating leaked keys and credentials.

Our main product, TruffleHog, scans environments for secrets like private keys, API keys, passwords, and tokens. It finds exposed non-human identities (NHIs) and their secrets from many sources, including source code, chat systems, support tickets, and platforms such as GitHub, Google Cloud, and Slack. TruffleHog scans beyond current code to include hidden content, deleted code, and version history. It detects secrets across the entire Software Development Life Cycle (SDLC), verifies them directly with key providers for accuracy, and analyzes them in depth to identify resources and permissions associated with NHIs and secrets. TruffleHog also continuously monitors key types to track remediation status and offers an automated process for developers to revoke leaked secrets, with automatic re-verification. TruffleHog runs over 250,000 times daily and has over 23,000 GitHub stars. TruffleHog Enterprise provides additional visibility, verification, and collaboration tools for teams managing NHIs and their secrets. Our products are used by dev and security teams, from open-source projects to global enterprises.

Our mission at Truffle Security Co. is to secure sensitive data by detecting and remediating leaked keys and credentials. We aim to make security issues more identifiable, accessible, and easier to fix, building the best product for machine identity protection.

Our work culture follows several principles:

• “Security first” means we emphasize integrity and trust in our products and actions.
• “Try experiments!” encourages responsible experimentation, new ideas, creative solutions, and viewing challenges as opportunities for innovation and learning.
• “Student and sensei” reflects our belief in mutual knowledge exchange and continuous growth.
• “Better together” means we champion diversity and inclusion, encouraging collaborative progress.
• “Make it happen” highlights our trust in team members to own their work’s value and rewards.

Truffle Security Co. has 11-50 employees and is a fully remote organization, offering flexibility in work location. Its culture is built on principles such as “Security first,” which focuses on integrity and trust; “Try experiments!” to foster innovation; “Student and sensei” for mutual knowledge exchange; “Better together” promoting diversity and inclusion; and “Make it happen” empowering employees with ownership. Dylan Ayrey (CEO) and Dustin Decker (CTO) co-founded the company.

We offer 100% remote work with the flexibility to work from anywhere. We provide unlimited PTO and 21 paid company holidays, including a “Winter Holiday” and Truffle “Away Days.”

We cover comprehensive health, dental, and vision benefits for employees and their dependents, with 80% of dependent premiums covered. Employee Assistance Program (EAP) services, covering financial coaching and mental health, are available. We also provide a lifestyle & wellness budget of $1,200 per year and a learning and development budget of $2,000 per year.

Our compensation includes a 401(k) with a 6% employer match and employee-friendly equity terms. We hold biannual company offsites, company-sponsored lunch & learns, socials, and team retreats. We also provide 12 weeks of parental leave.