Job posting · HN Jobs

A searchable index of Hacker News “Who is hiring?” job postings.

← All postings · December 2014 thread

Job posting (auto-parsed — see raw text)

Website	matasano.com ↗
Role taxonomy	Security
Specialties	Security
Location	—
Salary	—
Apply via	Email — careers@matasano.com
Hiring notes	—
Posted by	jjarmoc
Posted	Dec 1, 2014
Source	View on Hacker News ↗

Original posting

-- .- - .- ... .- -. --- ... . -.-. ..- .-. .. - -.-- Matasano Security - Chicago. New York City. Sunnyvale. Job Title: Application Security Consultant -- .- - .- ... .- -. --- ... . -.-. ..- .-. .. - -.-- Once a professor shared a piece of career advice with me. "Don't call yourself a coder," he said, "anyone can learn to code, but programming takes real skill." His words have stuck with me since. Coding was, in his description, the mere act of producing something a computer can interpret and act upon. Programming, however, seeks elegance and simplicity through considered design and thought that transcends the code itself. While both take skill, the goals are different and they can be thought of as distinct disciplines. Application Security, I've come to believe, is yet another discipline with a slightly different focus. 'Coders' focus almost exclusively on iterating until they achieve a desired result. 'Programmers' might test and refine to improve performance and reduce resource consumption. But with an Application Security perspective, we instead look at unintended functionality and edge cases that give rise to problems; 'What if' scenarios involving abuse cases that weren't part of the original design. It's yet another way of looking at the same application, with a different goal and different outcome. At Matasano, we don't build software, we break it. We find, exploit, document, and prioritize flaws so the application's developers can address them. We identify when security controls are effective, and note areas for improvement. We review use cases, identify abuse cases, and help guide future development efforts. We work across a wide variety of applications ranging from simple web apps, to complex hardware appliances. From HTTP to proprietary encrypted protocols, and everything in between. As a team, we're as comfortable with ROP chains and memory corruption vulnerabilities as Cross-Site Scripting and SQL Injection. As individuals, we excel in our areas of focus while cross-training and broadening our skills. We're among the leaders in our industry and community, and give back through research, tools, and practice environments. If improving the state of software security while kicking up some dirt in the process seems like fun, check us out. If you're fueled by pride of finding unexpected solutions, we have plenty of challenging problems for you. If you're not content to be a 'coder' and long for something more fulfilling, get in touch. -- .- - .- ... .- -. --- ... . -.-. ..- .-. .. - -.-- careers@matasano.com or www.matasano.com for more info -- .- - .- ... .- -. --- ... . -.-. ..- .-. .. - -.-- Curious about Crypto? - www.cryptopals.com Mesmerized by Memory Corruption? - www.microcorruption.com -- .- - .- ... .- -. --- ... . -.-. ..- .-. .. - -.--