We are looking for security-focusedengineers and researchers to join our client's security consulting and researchpractice. Job duties will include penetration testing, security analysis, andcutting-edge research into current technologies and attacks.
What you'll be doing:
You will spend most of your daythinking about security systems and how you can break them. This is a verycreative job that gives individuals a lot of freedom to be clever whilelearning new technologies at a very fast pace. Typical engagements will pairyou with another experienced security consultant, and you will learn from eachother along the way. Engagements are usually 2-4 weeks long. During your normalcustomer work, you will be exposed to a wide variety of products and technologystacks. You will have enormous impact in making the software people use safer.You will also be a security researcher, with dedicated research time.
Our client has a casual, socialculture, with people from diverse backgrounds who eat, drink and breathesecurity. Office attire ranges from t-shirts to pret-a-porter. Typically, youwill see client employees heads-down on an engagement, until they pop upmomentarily to chat with colleagues over a quick game of foosball, ping-pong,or chess. They are a social group and their various offices organize socialoutings or office events that are quite popular. For the most part, they'llwant you to come into the office (Austin, Chicago, New York, San Francisco, Seattle, or Sunnyvale),but we have some flexibility for remote employees or work from home days.
A normal client engagement will lastapproximately 2-4 weeks, and involve anywhere from 1-3 consultants. There aredefinitely exceptions, though. They test web applications and mobile apps,networks, sandboxes, kernel components, custom client-server applications,hardware and firmware, stand-alone applications and more, and also do somesocial engineering and physical penetration testing. Their customers are a mixof large software, hardware, and hosted application providers, start-ups,financial services companies, and more. Just today, you?ve probably used a lotof things they?ve tested. They crawl around in the ventilation ducts of theworld's most popular and important applications.
Our client is a consultancy and soemployees go to client sites when necessary. That being said, they're alwaysworking with clients to deliver remote work whenever possible. They presume ifyou take up residence in a city, it's because you want to be there. They try toproactively monitor travel so that no one is constantly being sent around thecountry (unless they volunteer). By and large, our client is a company run bysecurity consultants, and they have no interest in burning themselves out.
Research is at the foundation of ourclient and the work that they do. They speak at top-tier security conferencesall over the world. All of their consultants receive time and resources tosupport their research endeavors. Research is rewarded with substantial bonusesfor speaking at conferences, writing whitepapers, and creating tools.
Our client sponsors numeroussecurity events around the country, including a quarterly security speakerseries, Open Forum, in every region where they have an office. They supportgreat research, regardless of its origin.
The Hiring Process:
Our client believes they are thebest in the industry at what they do. They'realwayslookingto add great people to the team.
Are you a seasoned infosecconsultant?
Have you always been interested in security but not sure how toland a career in it?
Do you know how to develop and write code, but don't knowhow that translates into a security role?
Are you graduating soon from asecurity program and want to join the team?
Great! No matter which of theseapplies, you've come to the right place.
They like their recruiting processto be transparent to all candidates. It consists of the followingsteps:
1.An initialcall between you and a member of the team.They'll tell you more about the company, the work that theydo, a day in the life of one of their consultants, and why we think the companyis a great place to work. Our pitch, basically. You'll surely have somequestions for them. Ask away! They will also have some basic technicalquestions on this call, but they are more for scoping your experience, ratherthan to determine if you move forward.You will move forward past thispoint.
2.Technicalphone interviews.They'llconnect you with members of their team for more in-depth technicalconversations to see what you know and how your mind works.
3.Practicalchallenges. They have several at their disposalthat they can use to gauge practical abilities in areas like web application,network security, and protocol analysis. Most candidates will complete both theweb and protocol challenges.These challenges aren't meant to be imposing.Theywill arm you with resources allowing you to prepare adequately to besuccessful.
4.In-personinterviews.They now have a good sense of yourskillset. If it seems like a good fit, they?ll bring you in to meet with theteam in your preferred region for some final interviews.
5.Theoffer.If you made it this far, hopefully they'vehired you!
You Have Questions: