Who is Casaba?

Casaba Security is a cybersecurity consulting firm. The term 'cybersecurity' means different things to different people, and encompasses many aspects of the technology we all use on a daily basis. From the mobile device in your pocket, to the desktop software you use every day, to mission-critical systems that power our lives, Casaba has been there to design and test security.

What kind of work does Casaba do?

We're security advisors, engineers, and testers. From threat modeling to penetration testing to writing secure code, there are many aspects of the niche focus we call 'security' that take place on a daily basis. We at Casaba work on long-term engagements building and executing security programs for our clients, and we work on short-term jobs that may span a few days or a few weeks of investigating a new cloud service, video game, mobile platform, or retail outlet. There's plenty of variety to this work, and while the field of cybersecurity itself has many niches, there is a certain amount of generalized technology knowledge that's required to perform this role well.

What does Casaba require in a candidate? Do I need to know how to write code?

We are always looking for anyone from the recent graduate to the experienced programmer. But, we aren't just looking for tech people. We're looking for people who are hungry for knowledge and constantly thinking about security - how software and systems can fail and how they can be improved. Our lives revolve around code. Anyone wishing to work in this field should know how to write code, whether it's scripting, writing native apps, or building Web applications you must have some technical chops. Beyond that, a passion for security and digital privacy are key. This isn't a normal job. The tasks aren't always clearly defined, and the requirements aren't always known. A passion for this type of work will feed the creative process, something which you must possess in order to think and act like a focused attacker or defender. Our clients depend on us to find the problems that nobody else thought of, and we rely on each other working either individually or as a team, to do the same.

Do I have to live in Seattle and is travel required?

In most cases we will want you to be in the Seattle area with us. However there are always exceptions, and for the truly talented we will make them. So get in touch and lets find out, we're also happy to help with relocation if that's an option.

There may be some travel, but many of our jobs stay put locally. We're definitely not a consulting company that has their folks on the road three or four weeks a month. If anything, travel comes in small spurts, but doesn't happen continuously. And if you don't want to travel, you don't have to.

What does the hiring process look like?

First, get in touch. We'll want to see your resume and understand your background and technical skill set. Then we'll setup a few phone interviews. The first couple will usually be so we can get to know each other better, personally and professionally. Then we'll want to setup a more technical interview. At first this will be scenario-based challenges - we will present a security scenario for you to think through so we can get a better idea of where your knowledge is at with Web, crypto, and native technologies. Then we'll follow up with a challenge which may include a Web app assessment, find-the-bug, or we may ask you to write some code or a fuzzer to demonstrate yourself.

Benefits?

We pay regular bonuses to all employees and reward based on performance, whitepaper and tool development, speaking engagements and helping us recruit new talent. We also offer all employees a Simplified Employee Pension (SEP) after a period of tenure. It's a unique opportunity to be afforded this type of retirement package over the more traditional 401k. We pay health insurance for employees and dependents and offer generous paid vacation and sick leave.


Open Positions

We're always looking for strong folks who want to make a start in the security field as security consultants, as well as professionals who can bring years of accomplishments and want to work as senior or principal consultants. If you're interested in one of these positions or want to pitch to us on another role you can offer, then please get in touch.