Security engineer wanted!
Can your code and designs survive determined real-life attackers? Root Labs is looking for an engineer that wants to take on difficult security problems. Our customers ship products including operating systems and consumer electronics (Blu-ray DVD, game consoles, mobile phones). We take apart their products to find potential flaws and design/implement solutions that give them the upper hand in surviving the attack/response cycle.
You are a programmer who excels in the systems environment. You enjoyed and did best in the OS, compiler, and networking classes in school. You are adept at skimming 800-page specs and noting inconsistencies, especially those with security ramifications.
If so, we want to hear from you.
We are a startup that has been in business nearly 3 years, profitable and growing. We are located in Oakland, CA. Here are some past projects to give you more of an idea what we do each day:
- Reverse-engineered an RFID transponder and protocols
- Designed and built a system of custom code generators to automatically create per-disc DVD protection
- Created an OS X kernel module for virtualized rootkit detection
- Built a bytecode manipulation library to rewrite Java class files on-the-fly
- Broke a device driver-based protection scheme and helped improve it
Also, here are a few articles from our blog:
- A typical day at Root Labs
- Timing attack in the Google Keyczar library
- Wii hacking and the freeloader
- TPM hardware attacks
- Google tech talk on common crypto flaws
Required technical skills
- Fluent with C/C++ and a scripting language like Python or Ruby
- Familiar with one assembly language (x86 preferred)
- Security mindset: adept at noting places in a design where potential holes could occur, threat modeling, designing with least privilege and defense-in-depth. You have learned the lessons of qmail and can apply them anywhere. Specific security job experience not required.
- Good computer science background: complexity of algorithms, data structures, operating systems, networks
- Ability to quickly read a specification, research paper, or source code and understand the overall meaning, possible integration points, and compare/contrast to other systems.
Required general skills
- Good English writing skills (college level)
- Ability to work independently, manage time and expenses, self-motivated
- Client interaction and presentation skills
- Detail-oriented and honest
- Driver's license and access to a car
- US citizen or legal resident (sorry, we're too small to handle visa issues)
Bonus technical skills
- Windows and/or Unix internals: kernel, drivers, scheduling, memory management
- Computer architecture: cache coherency, paging, segmentation, compilers and optimization
- Embedded systems: bringup, firmware, interfacing, JTAG, and debugging
- Protocols: TCP-fairness, debugging network problems
- Hardware: VHDL/Verilog, interfacing, board design
- Cryptographic engineering: protocol design and evaluation, cryptanalysis
- Reverse-engineering: IDA Pro and plugins, debugger implementation, anti-debugging
We offer:
- Salary + bonus
- Stock options
- Laptop of your choice
- Basic healthcare
Please email the following to: 
- Resume with references
- Code samples (open source license or public domain only)
- Writing sample (technical subject preferred)
Please only contact us if you are representing yourself. No recruiters. Also please do not repost this elsewhere, including mailing lists, but feel free to tell your friends. Thank you.