Main Icon

L a t a c o r a

Careers at Latacora

Latacora bootstraps security teams for startups. We’re a place where you can work with startup technology but get real benefits and an environment that lets you do security R&D. We consciously also hire junior folks, and work towards being an antiracist and inclusive organization.

Working at Latacora

  • Roles We're Hiring For Now as of 03/30/21

    If you’re interested in any of these roles, please fill out this form and e-mail us at careers@latacora.com.

    You do not need to know all of the things listed in a job description! None of us do; we’re just throwing out topics to give you an idea of the projects you might be working on in that role. We also do plenty of research work: there’s absolutely no expectation that you’re already an expert across the board.

    • CorpSec: Someone who takes responsibility for the first layer between our clients’ staff and the systems they operate with. That includes mobile device management, SSO systems, desktop software, vendor security (figuring out if a service is safe to use), Google Workspace applications, et cetera.(Full-Time only, no contractors at this time)

  • About Latacora

    Latacora runs the security team for a bunch of startups. Want to hear more? Too bad! Here’s more!

    We review and test the products that our clients' ship. That means we get broad exposure. We’ve had clients with stacks including Python, Go, Ruby, Node, Java, and Clojure, running on every AWS and GCP service you can think of. We work directly with development teams, feature by feature, PR by PR. Like most security consultancies, we find bugs, but we also get a say in how they’re fixed, how development environments are hardened, and how features are designed.

    We continually monitor networks, cloud environments, containers, orchestration and infrastructure, and even endpoint fleets. We build software to do that, and build things on top of existing open source tooling. Our clients are mostly in AWS, and about a third are in GCP. We have a tiny bit of Azure, though usually those are our clients’ clients’ environments.

    We vet the software our customers use, the services they integrate and how they integrate them, the way they deploy software, the way they manage devices and the ways they authenticate to internal tools and third parties.

    If you’ve ever been interested in doing security for a startup, you get to do this for a whole bunch of startups at the same time, working with a bunch of people who decided that this was all they wanted to do.

    We’re good at bringing new folks into the industry and we have at the track record to back the statement up. If you’re already in security that’s great, but we’re also willing to work with skilled individuals from the non-security side (e.g. DevOps or IT) and train them in security.

  • Some Important Details

    We’re all over the US but our center of mass is the Chicago office. (It just worked out that way!) We’ll happily hire remote, but we try to meet up at least a couple times a year (not right now due to COVID-19 of course), usually in Chicago.

    We were founded in 2017 and have grown to 30+ employees. We have competitive salaries, pay the employee (and family) premium for health care costs; generous vacation and leave policy that includes paid vacation days, company holidays, floating holidays, unlimited sick/personal days, paid parental leave (16 weeks!), paid medical leave (different than parental leave), paid military leave and have an awesome 401(k) where we match 1:1 up to the federal amount. For a 30 person company, we’re pretty proud of our benefits package and we are always trying to improve.

    We’re a consultancy, but a weird kind of consultancy, where we maintain multi-year relationships with clients. We rarely travel.

    Our security engineering roles are all client facing. We have different focuses; some of us specialize in cloud security, others in software security, others on cryptography, and others on policy stuff. We don’t have salespeople or a business team.

    We write a ton of software and infrastructure as code. Most of what we write ourselves is in Clojure. Python is a close second. We get that Clojure is not a common language and we will absolutely train you up in it.

    Writing is an important skill. Most of our communication with clients is via Slack (though we also get on video calls regularly). We write internal knowledge base articles, client-facing documents, and sometimes blog posts. Being able to express your thoughts in writing is important. We’ll coach you to develop that skill, and we’ve hired editors to help make your ideas have maximum impact.

  • How We Hire

    We don’t focus on your educational background, GitHub pages, Twitter profile or your ability to write code on a whiteboard. What we are interested in is your aptitude and enthusiasm for problems we work on. We are still interested to have your resume on file because sometimes folks have cool experience or background skills we will never know otherwise. We don’t care how many years of professional experience you have. We don’t care if you went to college or have a degree. The way we figure out if you’re a good fit for Latacora is with a work sample test. Some of our best hires have resumes that wouldn’t get them a phone screen at other companies.

    We’re not big believers in 4-8 hour structured technical interviews. Our main focus is on the work sample tests but we’ll still want to chat with you to demonstrate we’re both humans.

    We give our candidates a series of challenges, time-calibrated to take about the same amount of time as a reasonable startup interview loop. Our challenges are scored on a rubric. This means everyone passes the same bar for the same role, and the system is engineered to be as objective as possible. And we mean everyone: “known quantity” hires don’t get to bypass the test.

  • Our Process, Step By Step

    • You fill out the form.

      * You’ve read the careers page either (a) ask us to send you resources that will help prepare you for the challenges or (b) ask us to get the first challenge set up or (c) ask to set up a call to ask any lingering questions you may have.

      * Whenever you’re comfortable, you’ll do challenges. On your couch, or in the park, or whatever. We’ve calibrated each challenge to take a certain amount of time; we did that to respect your time, not to make you work against a clock. If you want to noodle on a challenge for awhile, you can; we do our best to make sure you don’t have to do that to qualify.

      * We use the rubric to score your results. That tells us if there’s a good fit right now.

      * If things are going swimmingly, we’ll get an interview set up which generally lasts between an hour and a half to two hours depending on the team. Why? We’re a consultancy still who meets with clients regularly and need to be able to communicate effectively with people in real time.

      * If all has gone well, either you’ll chat with a partner or just get an offer.

    The process can run pretty quickly or as slow as you want it but it's really dependent if we have open positions. We'll let you know early on and you can choose what to do/how to proceed. No matter what, you will need to go through the entire process to be considered for an open position and specify if you want to be recommended for a potential opening at one of our clients. Questions? Please shoot us an email!

Icon Leaf

Want to know more?

We’re happy to answer questions or offer advice, you can’t waste our time!