You could pick one startup to work for. But why choose? You can also work for a bunch of them simultaneously. We're building a security team that runs security teams for startups. We're a novel firm: we have only one kind of client (startups). We work full-time with them for anywhere between 6 months to going on 4 years now. We do everything a security team does, from software security to cryptography design to AWS and container lockdown to GSuite integrations and mobile device management strategies to product security roadmaps.
Our benefits are pretty nice. We get you the nicest healthcare plan available to us in your jurisdiction and eat the entire premium. Our 401(k) has a 100% contribution match and supports all of the extra tricks including after-tax contributions, in-service rollovers, loans... If you're qualified and interested, we'll help you take equity positions (on investor terms) in some of our clients as well.
We're hiring these roles:
* Secops people, who do cloud and network security and build security power tools. We're particularly but not exclusively interested in GCP experience here. Clojure focus, but we'll teach you.
* Product people, who build tooling and infrastructure: power tools to make all the other consultants better. Clojure focus. [0]
* Corpsec people, who protect endpoints and IT assets and put vendors through the security wringer.
[0]: We'll also teach you Clojure here and are set up to do that, but I'm currently less sanguine about our ability to appropriate support someone new to Clojure here than in Secops, which has a more closely defined remit. That'll change once we hire 1+ more senior Clojure person.
We're good at bringing new folks into the industry and we have the track record to back that statement up. If you're already in security that's great but if there's anything we've learned from this is that I'll take a skilled IC from the non-security side (e.g. devops or IT) and focus them on the security angle than taking existing security people in one field and point them at a new one (e.g. appsec -> corpsec). So, if you want to get into security...
Full-time only. Remote fine. Primarily US.
We're working on having international EORs at the ready, but it's not something we have completely down to a science yet and is a reasonably big lift (so, maybe, for the right candidate, and probably depends which country). We can't do contractors for directly client facing work like secops and corpsec. Contractors for product, especially if it's not full-time, would be a lift but happy to figure that out for the right candidate.
You could pick one startup to work for. But why choose? You can also work for a bunch of them simultaneously. We're building a security team that runs security teams for startups. We're a novel firm: we have only one kind of client (startups). We work full-time with them for anywhere between 6 months to going on 4 years now. We do everything a security team does, from software security to cryptography design to AWS and container lockdown to GSuite integrations and mobile device management strategies to product security roadmaps.
Our benefits are pretty nice. We get you the nicest healthcare plan available to us in your jurisdiction and eat the entire premium. Our 401(k) has a 100% contribution match and supports all of the extra tricks including after-tax contributions, in-service rollovers, loans... If you're qualified and interested, we'll help you take equity positions (on investor terms) in some of our clients as well.
We're hiring these roles:
* Secops people, who do cloud and network security and build security power tools. We're particularly but not exclusively interested in GCP experience here. Clojure focus, but we'll teach you.
* Product people, who build tooling and infrastructure: power tools to make all the other consultants better. Clojure focus. [0]
* Corpsec people, who protect endpoints and IT assets and put vendors through the security wringer.
[0]: We'll also teach you Clojure here and are set up to do that, but I'm currently less sanguine about our ability to appropriate support someone new to Clojure here than in Secops, which has a more closely defined remit. That'll change once we hire 1+ more senior Clojure person.
We're good at bringing new folks into the industry and we have the track record to back that statement up. If you're already in security that's great but if there's anything we've learned from this is that I'll take a skilled IC from the non-security side (e.g. devops or IT) and focus them on the security angle than taking existing security people in one field and point them at a new one (e.g. appsec -> corpsec). So, if you want to get into security...
Full-time only. Remote fine. Primarily US.
We're working on having international EORs at the ready, but it's not something we have completely down to a science yet and is a reasonably big lift (so, maybe, for the right candidate, and probably depends which country). We can't do contractors for directly client facing work like secops and corpsec. Contractors for product, especially if it's not full-time, would be a lift but happy to figure that out for the right candidate.
https://latacora.com/careers
careers@latacora.com