Got chops and curiosity? We are always looking for the best, the brightest, and the boldest to join our team of professionals. We review resumes year-round from people interested in joining a team of security experts encouraged to push the limits of research to the next level. For those who are willing to pursue excellence, we offer competitive pay, great benefits, a fun office culture, and the chance to make a lasting impact in the world of computer and information security.
WHO ARE WE?
Deja vu Security is a team of expert security consultants that help secure products for the Fortune 500 technology companies. Whether we're testing individual ICs or the world’s biggest cloud services, we are among the best in the field. We do the work of quiet professionals, and although sometimes projects we helped secure end up being featured in The New York Times or Reddit, we never need that kind of coverage to know we are always doing our best work.
These are just some of the things we do:
- Embedded Device security
- Web Apps
- Hardware and components
- Web APIs
- Language Runtimes
- Cloud Services
- SCADA Systems
As a Trusted Advisor:
- Design review
- Code review
- Threat modeling
- Architecture review and design
- Threat analysis
- Risk prioritization
WHAT IS THE SPLIT OF WORK?
We do a lot of embedded, web, and native (C/C++) work. Everything else falls into whatever interesting thing walks in the door. We do some network penetration testing but no compliance work. We try to move individuals around on engagements so they get experience in different types of work and can build cross-technology skills.
OFFICE CULTURE AND TRAVEL
We have a strong office culture in Seattle, WA. As such, we expect someone that joins our team to relocate to Seattle, WA. We work hard to minimize travel; some people like it and some people hate it. But we do our best to keep it low. Our customers tend to be on the coasts, so our travel tends to be in cities on the coast. It is rare we end up in a suburb of Nebraska.
There is a fair amount of customer onsite time. We’re trusted by our customers to help secure some of the world’s newest technology. As a result, face to face time with our customers is indispensable.
DEVELOPMENT PLAN, MENTORSHIP, AND CAREER PATH
Everyone that joins Deja vu Security gets a development plan and a career path. You’ll work with your manager to get to the next stage in your career and develop technical, customer, and writing skills. We believe in providing value to our customers and the only way to do that is to communicate clearly and succinctly.
When you join Deja vu Security, you start as a shadow on an engagement where you learn our process and methodologies. From there, you are a part of team of individuals that break into and test all manner of software and hardware. Finally you progress to being the team lead, the individual responsible for creating the how and why of enumerating as much risk as possible in the components for any given engagement.
With Deja, the sky is the limit! There are paths to becoming a technical principal, management, and leadership roles. We are the place you can never outgrow.
Deja believes research is the only way to push the boundaries for finding bugs and fixing larger problems. We have an internal process for providing research time to individuals so they can showcase their skills to the world. We sponsor, attend, and present at several conferences a year. Not everyone gets to go to every conference but we try, and make sure everyone gets out. A few of the conferences we’ve presented, sponsored, or attended include: Blackhat, Defcon, RSA, CanSecWest, Shmoocon, Toorcon, ToorCamp, Toorcon Seattle, Recon, SummerCon, and many more.
OUR HIRING PROCESS
Are you interested in application security and development? Applicants must have a strong interest and some experience in security. Can you code? Ever member of our team codes in some capacity. We're happy to talk about our field and what we do. Some of the best people we've worked with didn't have a formal security background.
Our hiring/interviewing process is as follows:
- Initial Phone Interview: This is a 30-minute phone call where we'll talk to you about the company and what our work looks like. At the end of this call you should have a good idea of what we do, how our hiring process works, and answers to questions about Deja vu Security.
- Technical Phone Interviews: We do 1-3 technical phone interviews. These usually last 30-60 minutes depending on the position you're applying for. You'll talk to a senior Deja team member who will ask you about your technical background and talk you through scenarios and concepts from our day-to-day work. Candidates need to be prepared to speak on security related to topics about:
- Native Languages
- In-house Interviews: You'll be invited into our Seattle office for a day of interviews and challenges. You will meet the team, interview with several staff and work through several technical challenges. The challenges are timeboxed and may include:
- A web app challenge. Most software written within the last several years is web code. You'll be given an instance of a vulnerable web application.
- A find the bug challenge. Finding bugs is at the core of the work we do. You'll be asked to work through some code and find the vulnerabilities in it.
- You will write some code or a fuzzer. We'll give you a target and in the language of your choosing, you'll write some code to take it over. This gives us a chance to see how you code and to see what types of things you automate testing for.
FREQUENTLY ASKED QUESTIONS
This looks complicated. How long does it take?
Not that long! Our goal is not to take more than a few weeks from start to finish. Please understand that things can get busy here. At the beginning of the process, you'll be contacted by our Operations Manager. If you have questions during the process, don't hesitate to contact them.
Do you have a list of current openings?
Yes. We are always hiring security consultants. Here are the job descriptions for security consultants and any other positions we're hiring for.
I don't see a position posted for something I'm interested in. Can I still submit my resume?
We’re happy to look at resumes from people interested in joining our team. Please send any employment-related inquiries to firstname.lastname@example.org.
How much industry experience do I need to be a good fit for Deja?
We're always happy to talk to anyone who can code and is interested in security. We're almost always hiring both junior and senior staff to meet the demand.
Do I need to know how to code?
Yes. Everyone from our interns to senior staff have responsibilities that include code work. The level of difficulty is based on the work you're doing but each role includes some coding.
What technical languages do I need to know?
We do a lot of embedded, web, and native (C/C++) work. Most Deja team members know C, C#, and/or Python; we'd like everyone to. Knowing C is a major win in application security! If you don't know it, we have resources to help you pick it up. Being enthusiastic about getting in fluent in C is something we like to hear; be sure to tell us.
Can I work remote for Deja vu Security?
We'd love to find a way to work with you, and we're happy to talk to you. However, you should know that we require services team members to work from our Seattle office. We are happy to relocate candidates.
Do you have internships?
We have paid internships year-round. Interns do roughly the same things team members do, with a focus on tools development and research. The process for getting an internship here is similar to the process above, but abbreviated. Like all our roles, our internships are in Seattle. Contact us for more information.