
Red Flags in Software Developer Job Descriptions - webappsecperson
https://joecmarshall.com/posts/job-description-red-flags/
======
jasonkester
I disagree with these being red flags. In fact, for me, some of them are
indicators of gold:

 _Two Month Contract_

That's music to my ears. It signals two important things: First, it's a real
contract and thus going to pay really well. Fake contracts present themselves
as "contract to hire" or similar so that that they can convince you to agree
to a rate of "half your salary, but paid hourly without benefits". But for two
months? You're going to hear about my five figure per week rate.

And it's short. Two months and I'm out of there short. So no matter how toxic
the environment and how terrible the codebase is, it makes no difference. A
guy can stand anything for a couple months. Especially in combination with
that first point, which means that this is possibly the only gig I'll need to
take _all year_.

 _Cold Fusion_

Oh yeah, bring it on. This translates as "You are possibly the only person on
the planet who knows how to do this work. Charge us accordingly." If you find
this in combination with one of the short gigs from above, your life is about
to get really good. Your only real problem will be keeping a straight face
when you quote the rate you're going to charge for this contract.

In the end, I think it comes down to what you're looking to get out of the job
in question. If, like the author seems to be, you're looking for a long term
career at a new company then no, you're right, run away from these places.

But if you fancy a bit of fun quick contracting, this article is mostly a list
of bill rate multipliers.

~~~
nathan_f77
> Two Month Contract

Totally agree with your points here. I think it's also great to start with a
short-term contract before deciding if you want to become a full-time
employee. Just like how people usually date for a while before getting
married. Becoming an employee is a big commitment, especially at early-stage
startups.

(I'm currently looking for a 1-2 month contract if anyone is looking for a
full-stack web/mobile developer. Experience with Rails, React, React Native,
TypeScript, AWS.)

~~~
oblio
> Just like how people usually date for a while before getting married.
> Becoming an employee is a big commitment, especially at early-stage
> startups.

You can just quit during your trial period while on a long term contract...

~~~
nathan_f77
That's true, but it can be a lot of work to set up a new employee with
benefits, stock options. Also maybe there's a signing bonus, a new laptop and
other office equipment, relocation, visa sponsorship, etc.

I think it's better to start as an independent contractor (and work remotely.)
Then there is the expectation that this is a short-term contract, unless
everyone is happy and wants to continue working together.

------
oaiey
Red flag for outdated technology? That is hilarious. The IT world has already
more work in maintenance than in greenfield projects and that will grow every
day. When that is a red flag, good luck finding work in future.

~~~
bartread
This made me chuckle:

"Companies advertising outdated stacks open you up to the risk of building
_the wrong sorts of skills_ , which can have far-reaching effects on your
career." (Emphasis mine.)

The wrong sort of skills? Like adaptability, strong diagnostic skills,
pragmatism, self-awareness, and not being a massive diva all the time?
Although it's true that these things can have a far-reaching effect on your
career.

 _Every_ company that's been around for a while has legacy code and you _need_
to lose the fear of working with it. You also need to develop enough humility
to realise that the code you're writing today is tomorrow's legacy.

~~~
hakfoo
Honestly, I prefer maintenance.

Having code that's lasted long enough to need maintenance is a sign the
company has at least some grounded-in-reality fundamentals. The projects that
fell apart upon learning the business model was untenable or the technical or
social problem insurmountable, generally don't need maintenance programmers.

Staying a little off the bleeding edge also lets you focus on quality
execution, rather than chasing the trends. Sometimes the eventual best
practices aren't even offered and understood if you're adopting a platform or
framework too early. Nobody wants to hit a "drop everything and rewrite
because there was a huge API shift" moment.

~~~
dagw
_Nobody wants to hit a "drop everything and rewrite because there was a huge
API shift" moment._

No business owner or manager wants that. I know lots of programmers for whom
any excuse to throw away everything and rewrite from scratch is basically
Christmas. Some of the more unscrupulous ones might even try to engineer
unnecessary excuses to do just that.

~~~
HillRat
Oh, I’ve seen executive leadership fall for unscrupulous/ignorant consultants
pitching a “burn your stack, move everything to the cloud/LCNC/SaaS, and fire
your developers” approach. Invariably either the company or the CEO’s tenure
expires.

~~~
toomuchtodo
If you can offer your services recovering from these dumpster fires, you'll
never go hungry as a consultant.

~~~
dagw
Ironically you may still end up being paid less than the person who started
the dumpster fire

~~~
HillRat
Yeah, it’s the inherent tension between wanting a client that knows they’re in
a crisis, and the fact that companies in a crisis might not be able to pay
you. Yes, they’re ready to make the hard decisions; no, they might not have
the financial and operational latitude to actually do so.

~~~
toomuchtodo
With experience, you will learn to suss out when success is possible (for both
you and the client).

------
FreeKill
My favorite is always when the job description includes superfluous
descriptors in front of the developer role. Like "Rock Star" Developer or
"Super Star" Developer. In my experience, it's almost always code for we want
to put a ton of responsibility on you, while at the same time having
unreasonable expectations for both speed and quality of what you produce.

~~~
microtherion
I always wonder which part of the "Rock Star" personality those companies are
looking for. Shooting Heroin at work? Throwing TVs out the window? Chasing
teenage groupies? Dressing outrageously?

~~~
davidddavidson
[https://i.redd.it/s3f1ruepjhuz.jpg](https://i.redd.it/s3f1ruepjhuz.jpg)

------
spricket
Might as well add my own?

Constantly recycled job openings - to spot this you need to be searching for a
few months. But if you notice that the same posting is ALWAYS up for senior
positions, and it's not a huge company, your resume has a huge chance of never
being seen. From my experience, it's likely a company fishing for H1B
applicants. Even if you're on a visa stay away.

No intern program - as a general rule, companies with best engineers scoop
many straight out of school. I have never worked at a company with top notch
engineering that didn't have an intern program. Sometimes this is hard to see
since they focus on certain schools, you may be able to find out from
recruiters or Glassdoor.

Heavy usage of third party recruiters - the best jobs are easy to advertise.
Either the company is incompetent, the position is for legacy work, or the
company is just unnapealing in other ways. If legacy work is your jam, go for
it, otherwise be cautious. Note that this does not apply for specialized or
very high level positions. Use of executive recruiters is normal since paying
the cut is worthwhile.

Low or no bonus - we're in a tech boom nearing 90's levels. Your bonus should
be 10-30% of your salary. If the company is public, you need stocks. This is
the primary way companies keep apparent wages low. The golden eggs are hidden
in bonuses, perks, generous vacation policies, and especially public company
stock.

Old school practices - occasional work from home, somewhat flexible hours,
casual work environment, free snacks. If they offer less than 3/4 you can find
a better gig.

Non technical management - this should speak for itself. I've done it before
to much regret.

Strange hiring practices - personality tests, panel interviews, minimum GPA
rules, leetcode, asking about personal life (married? Kids? Political views?).
If you like the idea of hanging out with people from MENSA, sitting in
countless committee style meetings, or next to some frat bros or guys wearing
MAGA hats maybe this is for you. But asking these things of you reflects the
values of the organization. Birds of a feather flock together and humans are
no different.

Find a place with engineers that seem to love what they're doing, eachother,
and writing code. If they invite you to lunch and everyone is chatting like
old friends you probably can't go wrong. Bonus if they're actually excited to
talk to you about technology and what they work on.

There's much more but I'm sure the comment section will be flooded with it :)

~~~
jakobegger
> Constantly recycled job openings

If you see a small company with the same opening for a long time, it may also
be that they just haven't found anyone yet. Recruiting is hard, and it may
take a year to fill a position.

Of course, "small company" seems to be red flag for a lot of developers
anyway...

~~~
will_pseudonym
Or they haven't realized that the salary/comp they're offering for the
position isn't in line with the market.

~~~
nilkn
The team I'm on has a hiring rate of less than one person per year, but I
can't recall anyone ever turning down an offer because we couldn't offer
enough money. We're not in Silicon Valley and finding the right talent is just
that difficult.

~~~
vonmoltke
What is your typical time between identifying a need for a new engineer and
actually making the hire?

------
WrtCdEvrydy
1 was always caused by the requirements being made by HR.

4 is caused by people wanting to learn things on the employer's dime.

If employers weren't so cheap with training budgets, employees wouldn't do
learning projects that end up in Production... wanna see a dangerous company?
Find a place that has 37 different technologies in their hiring ads.

~~~
TeMPOraL
> _Find a place that has 37 different technologies in their hiring ads._

If those 37 different technologies were all recent (or recently outdated) JS
frameworks, or tools that are "hot" right now, I'd want to stay away. But if
those 37 different technologies are a mix of tried-and-true pragmatic hacker's
choice - say Bash, Perl, Python, R, etc. - covering a bunch of different
problem domains, I'd think highly of the company that seems to be able to use
the right tool for a job.

~~~
JustSomeNobody
This. While not 37, the projects I work on, on any given sprint I can be doing
some combination of C#, Python, C++(oooold C++), Java, JavaScript, Perl, BASH
or PowerShell. I actually love it because I am not doing the same old thing
day in and day out.

------
Nursie
> “PHP Contractor - 2 Months”

While 2 months is short, if you don't want short(ish) term contracts of six to
twelve months, awesome. Leaves more for me.

I've got around 18 years experience in a variety of tech stacks, being a
contractor/consultant is great. Come on board, either create a brand new piece
for the client or help them with an existing problem, deliver, move on.

God save me from rotting away in a corner at some huge corporate for years,
pretending to care about the company vision. I've done my time at that.

It helps me that here in the UK the market seems to be upside-down, compared
to the US - Contractors are usually more highly skilled and almost always
better paid than staff.

That all said, that two month estimate had better be a well understood problem
domain, with well defined requirements and a realistic amount of work, because
most contracts that small are not, and you'll end up two months down the line
with the client wanting to extend a month at a time and all sorts of pressure.

------
kazinator
> _jQuery simply doesn’t have the complexity or potential power of a full JS
> MVC_

jQuery versus MVC? What is this guy blabbing about. jQuery is a little DSL for
accessing the DOM using paths and patterns, instead of verbose chains of
accessors. If you just want to access some element nested in the DOM, there
nothing wrong with using jQuery; and how does some MVC framework help?

~~~
taurath
It definitely implies that there's something fishy going on though nowadays.
In almost any JS runtime jQuery isn't necessary anymore because most of the
good ideas are already added to the language.

~~~
kazinator
Fishy like "OMG, I was still in high school when this five-year-old code was
written"?

~~~
taurath
Fishy like you’ve got a 10 year old codebase that’s probably not had a lot of
active development over its life.

~~~
kazinator
Whoa! That takes us back to the Dark Ages of 2009. Did they even have Wi-Fi?
Man, there isn't going to be _any_ Angular, React or Ember in the code, let
alone all three like I was hoping for.

~~~
taurath
Kindly chill with the snark, and the implicit assumption that I'm some sort of
framework lackey. That was the year the iPhone 3g came out. Lots HAS changed
since then, not least that Javascript through 2009 was ES3, unchanged since
1999 at that point, 2 years after the language was released.

------
colordrops
Other red flags:

* t-shirts, foosball tables, etc as perks

* overly specific job description (you will be building a table widget using knockout.js)

* buzzword salad

~~~
tschwimmer
air hockey okay?

~~~
TeMPOraL
As long as you have a separate room for that...

There's little more annoying than having a foosball table next to your desk
while you have a job to do and are trying to concentrate. At one of my
previous jobs, there was a foosball table that travelled between rooms - each
8-people open-plan room wanted really hard to be the ones to have it, but
usually after a month or two of serving as company breakroom, they wanted
really bad to get rid of it. The table kept making rounds between rooms until
they finally freed a separate room to put it in.

------
keyle
I feel this could go well beyond a blog post. There could be a regularly
updated list somewhere on the Internet. My favourite is 'flexible on
lifestyle", meaning your lifestyle better be flexible, not theirs :) Or
allowing work from home, but better be 'dedicated', aka. being responsive 24/7
and never leaving 'work'.

~~~
taude
I agree, there's more to ta job than the technologies used. I'm biased,
though, and been around awhile working in most tech stacks.

Just some of the things I prioritize: 1) Engaged, smart teammates 2) Solving
an interesting business problem. What's the reasoning behind the softer, I'd
much rather work with some legacy technology if it means working with a
company with a great mission, vs doing the latest trends for yet another ad-
tech company. 3) convenient commute 4) Lifestyle (occasional work at home) 5)
Corporate Culture Fit 6) Amount of unplanned work and changing directions all
the time 7) Amount of Cognitive load of multiple projects at once 8) Location
in town (not necessarily for commuting, but just having a nice place to walk
to for coffee, out of office thinking time, etc.) 9) Co-workers passionate
about their craft

~~~
AnimalMuppet
Re 9: I don't care (directly) about whether my co-workers are passionate about
their craft. I care because those who are passionate about their craft tend to
produce a lot fewer messes and bugs - which I then have to deal with.

So it's a good sign of other things, but it's not actually the thing I care
about.

------
Benjamin_Dobell
> _Competitive salary_

Which is code for:

> _We know that if we display our salary range, we won 't get any
> applications_

------
Macross8299
I occasionally see ads for jobs that request absurd things like having x years
of experience in a technology where x is greater than the number of years the
technology has been around, but I strongly suspect that these type of ads are
not serious about hiring an outside candidate and are just put up for
legal/compliance reasons.

~~~
jedberg
It’s either for legal/policy reasons or because something was lost in
translation between the hiring manager and HR.

------
ahartmetz
Reporting in from Germany where the software situation is still pretty bad in
many companies. Red flags are "UML", "Enterprise Architect" (actual name of a
software package), and "model-driven development". I can handle legacy code
just fine - you have to when doing C++.

------
koolba
> “Early Stage Emmployee / Technical Co-founder / Person to Make My Thing”

A typo in the word “Employee” is another red flag. Attention to quality
extends to all things around the office including proof reading job
descriptions.

~~~
Gibbon1
My mom when she was working for the IRS saw an internal job ad where one of
the job requirements was 'experience in pubic speaking'

~~~
stock_toaster
I bet /that/ candidate had some stories to tell!

------
SSchick
A true red flag I ignored when I was a _very_ young developer was > 'Write
code that does not need to be tested.'. being a requirement for a junior
position. I came from a freelance background where tests were not a
requirement or even unwelcome due to the work overhead and cost. Suffice to
say I did not stay at this company for long.

------
tatoalo
“We want to make the world a better place”...(sensor for parked cars with
office in a basement)

------
franzwong
Some job descriptions include meaningless benefits. For example, in my
country, the law enforces employers to contribute to pension. Some job
descriptions include "Pension contribution" in benefit section. What????

~~~
poilcn
I'd guess that means that there is a market of unofficial jobs in your country
and the description says that they either contribute to your pension at full
scale or at some degree by reporting your salary for tax services lower than
it is. In my country half the companies do either of these cause all the taxes
on the behalf of the workers and pension contributions are done by them, not
the workers.

~~~
franzwong
Not the same for my country. It's simply those companies cannot think of any
benefit they can provide, so they just put the obvious one.

------
bungie4
#1 Red flag discoverable during your interview.

Ask if this is a new position or refilling and existing position. With some
discovery, you'll find if the churn rate on the job offered is high. If so,
run. Something is very wrong.

~~~
rms25
This is a very good question, saying this as some one who just took a job with
a high churn rate

------
un_montagnard
I'd forgotten about Coldfusion. Is anyone still using that technology?

~~~
sundvor
As a former CF dev I laughed out loud when I saw that part - CF+JQuery. But
yeah, it's amazingly resilient. The Java bytecode was quite fast and stable.

However there are certainly better tech stacks available. For one, the
variable scoping was nightmare-inducing stuff.

~~~
Novashi
I thought CF had a reputation of being insecure though?

~~~
general8bitso
Linode had an exploit awhile back, from their CF admin interface.

Lucee and CF runtimes are still activily maintained.

------
zwetan
let's add the obvious one

a long list of tech, skills, requirements, "must have", etc. with a low salary

------
kbumsik
I saw a hilarious job posting last year: "5+ years experience with React".

Come on, React wasn't even released 5 years ago from that moment.

~~~
myself248
To me, this is the worst out of all the habits listed here, because it's
clearly factually wrong.

Either they're so clueless they can't do math, or they're actively trying to
hire liars and only liars.

I don't want to apply for a job that forces me to ignore the truth before I
even get in the door. What else are they going to expect me to look the other
way about?

~~~
taude
You all are overthinking it. To me it's just a sign of a larger company where
there's an HR recruiting/hiring department that fronts the hiring manager.

------
aboutruby
"Looking for Ruby/Elixir developers" -> They just want Elixir developers but
put Ruby to have more applicants.

And in general there is a lot of keyword stuffing in job descriptions.

~~~
taude
I don't think this is an example of keyword stuffing. I hire a lot on
complimentary skills. I bet there's a lot of Ruby Devs out there who'd like to
learn and work on an Elixir project.

I've even interviewed at some shops that were Rails-based, but since I had a
lot of good OO programming experience, designed and built large-scale systems,
had skills with other parts of their stack, I had a better overall skill set
than some of their existing Ruby devs. And they accounted for this with part
of their onboarding process to get me up to speed in their Ruby codebase....

------
eternalny1
Comparing jQuery to a "JS MVC" is a bit odd.

~~~
hessproject
Yeah and I think there is definitely still a solid use case for jQuery. No
need to buy a yacht if all you need is a canoe.

------
tyingq
"X+Y years of experience with THING that has only existed X years" is my
favorite red flag.

------
PretzelFisch
At this point seeing "cs fundamentals" looks like an age discrimination red
flag to me.

~~~
AnimalMuppet
In which direction? It could be saying "High-school super-hacker who knows
Python? Don't bother."

------
rapsey
How about fullstack developer using entirely different technologies on the
server and client side. Just be an expert in everything and do it all.

~~~
jedberg
I know lots of devs who make clean, efficient, and readable javascript and
also make excellent Python code.

It’s not that odd to be good at two languages.

~~~
mikekchar
To be even more explicit, I can't actually see any benefit of trying to keep
the technologies the same on both sides of a TCP/IP border. Use the tool
that's best for the job, whatever it is.

I think a lot of the worry comes from developers that are relatively
inexperienced. We put "senior" tags on positions filled with people with only
a few years of experience. Sometimes I think it's hard for newer developers to
imagine what it's going to be like 10 or 20 years down the line. Being good at
2 language (or frameworks or whatever) is almost laughable. If you don't have
half a dozen hanging from your belt once you've got a quarter or a third the
way through your career, I think it's a big problem that you should aim to
fix. Picking up something new and being effective and efficient with it very
quickly is an incredibly important skill -- one which no programmer that wants
to work in the field long term should avoid.

Now, if you happen to have a very young team that realistically can't handle
the challenge, then that's a completely different story. It's also very
important to understand what your team is capable of.

~~~
blackflame7000
One scenario that might become more common is a C++ front and backend using
web assembly at the frontend.

~~~
mikekchar
At the moment I think that's unlikely because as far as I know web assembly
can't access the DOM. Once that's fixed, C++ and Rust and a few other
platforms will be a lot more viable. I'm not sure how popular it will get,
though. For example, GWT gives you a pretty complete Java implementation that
compiles to JS (I even use it on a project!). Even as popular as Java is, GWT
is not so popular. My experience with GWT has been that it's pretty awkward to
use. I can't think of a single thing that's easier to do than in native JS.
Personally, I think Typescript is probably a better fit for frontend work for
people who want types. Disclaimer: I'm an old school C++ programmer that
actually _likes_ writing JS ;-) Where I see web assembly being more compelling
is where you want to write native apps and port them to a web or mobile
platform. JS applications on the desktop require a pretty massive runtime
system and if that's your main goal, JS is not really a great option (IMHO).

~~~
blackflame7000
I'm right with you in terms of being an old school c++ programmer. I'm really
fond of the QT framework and they have been doing a lot of work to port their
widgets for WebAsm use. This made taking our existing Desktop GUI application
and embedding it straight into a webpage super easy. Our backend servers are
C++ based and speak JSON via WebSockets so reusing the same objects on the
front and backend was also convenient. Also, I would imaging web assembly
could open the doors for much more advanced game engines since a lot of them
are written in C++.

------
Xiaohang_Su
C++ expert

~~~
smallstepforman
You wont believe how many C++ experts apply for our developer roles (rolls
eyes).

------
kirykl
A non technical manager of mine once posted a job calling for a "COBALT
developer".

