Zama's mission is to safeguard privacy by making the internet encrypted end-to-end.
Zama is building a suite of products for securing AI applications in the cloud and on the blockchain. Developers and data scientists can build FHE-friendly applications using our technology without having to know cryptography.
We are always on the lookout for amazing cryptographers, software engineers, and data scientists.
What you'll be working on:
The Concrete Framework division is writing and maintaining several open-source cryptographic libraries and tools dedicated to Fully Homomorphic Encryption (FHE). Those libraries and tools are written with different languages (rust for libraries, cpp for the compiler, python for frontend, etc...) and target several environments (linux/macos/...) and/or hardware configurations (cpu/gpu/...). As an example of one of these libraries, Concrete-core is used as the backbone of the whole framework. It implements various cryptographic primitives. The codebase uses the Rust programming language as its main language, but it is expected to host hardware-specific code written in other languages in the near future.
What we're looking for:
We are looking for many different experience profiles, from young researchers (right after the end of the PhD) to more senior researchers and practical software engineers. He/she/they should:
Our process is described in detail here: https://medium.com/zama-ai/how-we-hire-at-zama-7c11aead4b02. Zama values and promotes diversity. We give everyone a fair chance to be evaluated on their mix of professional, academic, and personal skills. Our aim is to make the hiring process as pleasant, stress-free, and friendly as possible, even if the process is longer and more involved than you might find elsewhere.
Right now we're looking for full-time application hacking experts, and we do mean experts. Experience in finding awesome vulns during web app pentests/code reviews is a must, but we also end up doing a fair number of mobile apps, client apps, server apps, APIs, and embedded devices/IoT as well. If your well-researched advisories or bug bounties show up around the web that's a really good sign. That being said, public advisories/bounties are not a requirement, we know there are plenty of good folks in the world who prefer not to publish any of their findings and we'd love to talk to all of you folks as well. We also do a bit of Reversing every now and then, so that experience helps for the occasion it arises.
We work on hundreds of projects a year, here's a current snapshot of what we've got going:
Who you might be:
Who we are:
We're an all expert boutique consulting company who have served hundreds of clients since our founding in 2010. We do this with a relaxed remote working environment where we can expertly hack on big name clients such as large websites, software companies, hardware companies, as well as tons of start-ups you've heard of. We do our best to put a different spin on the InfoSec/AppSec consulting game as we put our consultants and clients first and foremost! That means work on your own schedule, work from almost anywhere (we've had people finish RCE findings while camping in the French Alps), and we only work with self-directed and responsible senior consultants who consistently show professional results (pay is based on that kind of experience.)
You're right up our ally if you're currently doing security app assessments at another consulting shop and want a better work/life balance, with less client interaction (management handles that), skip all the BS parts of reporting, no sales/marketing/PMs that don't know what they're doing and cause you grief, no multiple layers of management, no bureaucracy, no "I just broke the Internet and I'm better than you" egos/attitudes, and more time to hack on stuff during engagements or do whatever you want to do in your down time (yes paid research time is included for our full-time team.)
If any of this sounds interesting please hit us up with a resume||CV and links to any of your work that might be public or a description of any private research you feel like sharing.
Pay/Benefits: We pay in the ballpark of the larger consulting shops and we offer 100% coverage from top tier health/dental plans. We have lots of other perks for full-time employees like paid conferences, etc.
Telecommuting: Yes, almost exclusively. Travel is an option if you want it, but it's currently ~1% of our total work.
Contracting/Full-time: Our preference is Full-time, if you're awesome and don't want to be an FTE email us anyways.
Location: We're looking for folks in -8 GMT through +1 GMT timezones.
Clearance: Nope, we don't work in that field. Look elsewhere for WannaCyberInASCIF? work.
Company Future: 1) Do fun hacks with awesome clients 2) Have fun doing it 3) Can we do something awesome research/products/service wise? if not...4) Reinvest profits to GOTO #1.
You are now level Current level