What's in this page
If you’re interested in any of these roles, please fill out this form and e-mail us at careers at latacora dot com.
Latacora runs the security team for a diverse list of clients at different levels of maturity.
We design, review and test the products that our clients ship. That means we get broad technology exposure. We’ve had clients with stacks including Python, Go, Ruby, Node, Java, and Clojure, running on every AWS, GCP or Azure service you can think of. We work directly with development teams, feature by feature, PR by PR. Like most security consultancies, we find bugs, but we also get a say in how they’re fixed, how development environments are hardened, and how features are designed.
We continually monitor networks, cloud environments, containers, orchestration and infrastructure, and even endpoint fleets. We build software to do that, and build things on top of existing open source tooling or commercial products.
We vet the software our customers use, the services they integrate and how they integrate them, the way they deploy software, the way they manage devices and the ways they authenticate to internal tools and third parties.
If you’ve ever been curious about doing security for a startup, you get to do this for a whole bunch of startups at the same time, working with a people who share that interest.
We’re a remote-first company with an emphasis on the US, because that’s where our clients tend to be.
We were founded in 2016 and have grown to 50+ employees. We have competitive salaries, pay the employee (and family) premium for health care costs, generous vacation and leave policy that includes paid vacation days, company holidays, floating holidays, unlimited sick/personal days, paid parental leave (16 weeks!), paid medical leave (different than parental leave), paid military leave and have an awesome 401(k) where we match 1:1 up to the federal amount and has all the other fun stuff like mega backdoor Roth and generous loan provisions.
We’re a consultancy, but a weird kind of consultancy, where we maintain multi-year relationships with clients. We don’t travel.
Our security engineering roles are all client facing. We have different focuses; some of us specialize in cloud security, others in software security, others on cryptography, and others on policy stuff. We don’t have salespeople or a business team.
We write a ton of software and infrastructure as code. Most of what we write ourselves is in Clojure and Terraform.
Writing is an important skill. Most of our communication with clients is via Slack and video calls. We write internal knowledge base articles, client-facing documents, and sometimes blog posts. Being able to express your thoughts in writing is important.
We don’t focus on your educational background, GitHub profile, or your ability to write code on a whiteboard. What we are interested in is your aptitude and enthusiasm for problems we work on. We are still interested to have your resume on file because sometimes folks have cool experience or background skills we will never know otherwise. We don’t care how many years of professional experience you have. We don’t care if you went to college or have a degree. The way we figure out if you’re a good fit for Latacora is with a work sample test. Some of our best hires have resumes that wouldn’t get them a phone screen at other companies.
We’re not big believers in 4-8 hour structured technical interviews. Our main focus is on the work sample tests but we’ll still want to chat with you to demonstrate we’re both humans.
We give our candidates a series of challenges, time-calibrated to take about the same amount of time as a reasonable startup interview loop. Our challenges are scored on a rubric. This means everyone passes the same bar for the same role, and the system is engineered to be as objective as possible. And we mean everyone: “known quantity” hires don’t get to bypass the test.
You fill out the form.
We let you know if we’re currently hiring (if no positions are listed above).
You’ve read the careers page either (a) ask us to send you resources that will help prepare you for the challenges or (b) ask us to get the first challenge set up or (c) ask to set up a call to ask any lingering questions you may have.
Whenever you’re comfortable, you’ll do challenges. On your couch, or in the park, or whatever. We’ve calibrated each challenge to take a certain amount of time; we did that to respect your time, not to make you work against a clock. If you want to noodle on a challenge for awhile, you can; we do our best to make sure you don’t have to do that to qualify.
We use the rubric to score your results. That tells us if there’s a good fit right now.
If things are going swimmingly, we’ll get an interview set up which generally lasts between an hour and a half to two hours, depending on the team. Why? We’re a consultancy who still meets with clients regularly and need to be able to communicate effectively with people in real time.
If all has gone well, either you’ll chat with a partner or just get an offer.
The process can run pretty quickly or as slowly as you want, but it really depends on whether we have open positions. We’ll let you know early on, and you can choose what to do/how to proceed. No matter what, you will need to go through the entire process to be considered for an open position and specify if you want to be recommended for a potential opening at one of our clients. Questions? Please send us an email!