Skip to the end to see some roles we’re actively looking to fill right now. Then skip back to the top and read the rest of this because it took me a long time to type.
Latacora runs the security team for a bunch of startups. Want to hear more? Too bad! Here’s more!
We review and test the code startups ship, on stacks including Python, Go, Ruby, Node, Java, and Clojure. When we get the opportunity to secure an OCaml startup, we’ll be doing that too. We work directly with development teams, feature by feature, PR by PR; like most consultancies, we find bugs, but we also get a say in how they’re fixed, how development environments are locked down, and how features are designed.
We lock down and continually monitor networks, cloud environments, containers, orchestration and infrastructure, and even endpoint fleets. We build software to do that, and build things on top of existing open source tooling.
If a security team at a startup is doing something for their company, chances are it’s a thing we work on as well. We’re happy to answer any questions about the work you might have.
If you’ve ever been interested in doing security for a startup, we’re a chance to do that for a whole bunch of startups at the same time, working with a weird bunch of people who decided that this was all they wanted to do. If that sounds fun, let’s talk!
We’re based in Chicago and New York. We have an office in Chicago and most people who work for us are in that office semi-regularly.
We’ll help relocate. But if you’d rather stay where you are, can legally work in the US, and are OK with periodically visiting us in Chicago, we’ll happily hire remote.
We’re an actual company. We pay full-time salaries, and offer health benefits and paid vacation and all that jazz.
We’re a consultancy, but a weird kind of consultancy, where we maintain years-long relationships with clients, and everyone has a hand in every project. We rarely travel.
Everybody in the company is a software developer, and everyone delivers work for clients. We have different focuses; some of us specialize in software security, others in AWS security, others in cryptography, and others in policy stuff. We don’t have salespeople or a business team.
We don’t care about your resume, like, at all. We hire almost resume-blind (if you send us a resume, we’ll read it, but we’ll probably forget about it before we get on the phone).
We don’t believe in interviews. We’ll interview you, at the end of our process, but by the time we do we’ll be pretty sure we want to hire you.
Rather than your work history, educational background, GitHub pages, Twitter profile, or your ability to write code on a whiteboard, we’re interested in your aptitude and enthusiasm for the problems we work on. The way we figure that out is with work-sample tests.
We give our candidates a series of challenges, time-calibrated to take about the same amount of time as a reasonable startup interview loop. Our challenges are designed to be scored on an “objective” rubric.
If you want to move quick, we can wrap this up inside of 2 weeks. If you want to take your time, you can do that too. We’re almost always hiring and don’t do ruthless recruiter things to speed candidates up or lock them in.
Everyone here does a little of everything. We don’t have a kind of team member who doesn’t write code. But there usually are some particular things we’re looking for.
Secops: Someone who can be comfortable delivering security for infrastructure and cloud/container automation projects. Projects include SSO systems, AWS least-privilege and lockdown automation, K8s, SSH CAs, osquery, monitoring, and yelling at people on Hacker News about these subjects.
Mail us at firstname.lastname@example.org.