Skip to the end to see some roles we’re actively looking to fill right now. Then skip back to the top and read the rest of this because it took me a long time to type.

If You’re Reading This, Chances Are We’re Hiring

Latacora runs the security team for a bunch of startups. Want to hear more? Too bad! Here’s more!

We review and test the code startups ship, on stacks including Python, Go, Ruby, Node, Java, and Clojure. When we get the opportunity to secure an OCaml startup, we’ll be doing that too. We work directly with development teams, feature by feature, PR by PR; like most consultancies, we find bugs, but we also get a say in how they’re fixed, how development environments are locked down, and how features are designed.

We lock down and continually monitor networks, cloud environments, containers, orchestration and infrastructure, and even endpoint fleets. We build software to do that, and build things on top of existing open source tooling.

If a security team at a startup is doing something for their company, chances are it’s a thing we work on as well. We’re happy to to answer any questions about the work you might have.

If you’ve ever been interested in doing security for a startup, we’re a chance to do that for a whole bunch of startups at the same time, working with a weird bunch of people who decided that this was all they wanted to do. If that sounds fun, let’s talk!

Some Important Details

We’re based in Chicago and New York. We have an office in Chicago and most people who work for us are in that office semi-regularly.

We’ll help relocate. But if you’d rather stay where you are, can legally work in the US, and are OK with periodically visiting us in Chicago, we’ll happily hire remote.

We’re an actual company. We pay full-time salaries, and offer health benefits and paid vacation and all that jazz.

We’re a consultancy, but a weird kind of consultancy, where we maintain years-long relationships with clients, and everyone has a hand in every project. We rarely travel.

Everybody in the company is a software developer, and everyone delivers work for clients. We have different focuses; some of us specialize in software security, others in AWS security, others on cryptography, and others on policy stuff. We don’t have salespeople or a business team.

How We Hire

We don’t care about your resume, like, at all. We hire almost resume-blind (if you send us a resume, we’ll read it, but we’ll probably forget about it before we get on the phone).

We don’t believe in interviews. We’ll interview you, at the end of our process, but by the time we do we’ll be pretty sure we want to hire you.

Rather than your work history, educational background, Github pages, Twitter profile, or your ability to write code on a whiteboard, we’re interested in your aptitude and enthusiasm for the problems we work on. The way we figure that out is with work-sample tests.

We give our candidates a series of challenges, time-calibrated to take about the same amount of time as a reasonable startup interview loop. Our challenges are designed to be scored on an “objective” rubric.

Our Process, Step By Step

  1. We’re going to get on a call, and tell you more than you want to know about the company and our hiring process. You’ll get a name and a voice and contact information that you can use for the rest of our hiring process.
  2. We’ll prep you for challenges. For instance: everyone (regardless of role) get a basic software security test. We’ll try our best to make sure you’re ready for it; there are books we like for boning up on this stuff, and we’re happy to send them. We have a practice version of the challenge you can take your time with. We don’t want to surprise you; we want to see you in the best possible light.
  3. You’ll do challenges. On your couch, or in the park, or whatever. We’ve calibrated each challenge to take a certain amount of time; we did that to respect your time, not to make you work against a clock. If you want to noodle on a challenge for awhile, you can; we do our best to make sure you don’t have to do that to qualify.
  4. If there’s a good fit right now, our challenge-review robuts have ascertained that. We’ll ask you to come out and meet us in person; when we do that, you’ll know we’ve tech’ed you out and want to find a way to hire you, which we hope makes that last interview pretty laid back.
  5. If all has gone well, we’ll get you an offer and figure out when you can start.

If you want to move quick, we can wrap this up inside of 2 weeks. If you want to take your time, you can do that too. We’re almost always hiring and don’t do ruthless recruiter things to speed candidates up or lock them in.

Roles We’re Hiring For Now

Everyone here does a little of everything. We don’t have a kind of team member who doesn’t write code. But there usually are some particular things we’re looking for.

Secops: Someone who can be comfortable delivering security for infrastructure and cloud/container automation projects. Projects include SSO systems, AWS least-privilege and lockdown automation, K8s, SSH CAs, osquery, monitoring, and yelling at people on Hacker News about these subjects.


Mail us at