I applied online. The process took 2 weeks. I interviewed at Bayzat (Dubai) in Jul 2022
Interview
It starts with self-recorded videos wherein you have to talk about the things they have asked as a questionnaire. A camera-shy person would not be able to do it confidently.
Interview questions [1]
Question 1
Web tokens, Programming language, Application Security.
I applied online. The process took 3 weeks. I interviewed at Bayzat (Dubai) in Mar 2023
Interview
I applied for the position of Senior Security Engineer (Application) through LinkedIn. The interview process consisted of four rounds. The first round was a one-way video interview with three to four behavior-related questions. The second round was a home assignment in which I was given a vulnerable lab to complete within seven days and send a detailed report. I took this task seriously and finished it in six hours, submitting the report promptly. The third round was a technical discussion, and the fourth round was with the CTO. Interestingly, during the third round, I was interviewed by two VPs with a developer background who informed me that they only had one engineer in the application security team. In my career, I have conducted more than 50 interviews, but I doubt any candidate has ever felt that I had wasted their time during the interview process, as I did after undergoing this interview. I was asked one question by each of them. One guy asked me how JWT works. I explained it well, even outlining the different ways JWT tokens can be vulnerable and how to exploit them. However, being from a development background and in a managerial position, I believe that my explanations went over the interviewers' heads. I think they might have expected me to answer more theoretical aspects of JWT. Later, I came across an old interview review on Glassdoor for the same position in which the candidate mentioned the question he was asked in the interview was about the use of JWT for authentication and authorization. I think the interviewer might have only read the theory about JWT and did not make an effort to learn more about application security before conducting interviews with professionals. The other guy asked me one or two questions about my knowledge of SSDLC, and my interview was completed within 20 minutes. 
After working so hard on the lab and spending my time, it was disappointing to be rejected by people who asked how JWT works to a candidate with 7-8 years of experience. I suggest that they hire technical experts to conduct technical interviews. In the end, I am happy that I do not work with such a crowd. 😃
I applied online. The process took 4 weeks. I interviewed at Bayzat in Sep 2022
Interview
They have a very stressful and difficult hiring process.
1. First you have to take a quiz immediately after submitting the application.
2. They review it then ask you to record videos answering some generic questions as a one-way interview.
3. Then they sent over a take-home assignment to work on in 7 days. They had a mistake in the first task too but I found a way to correct it and solve it. I submitted that assignment in the first 12 hours btw, everything solved up to the mark. The interviewer even said that I found a creative way to solve the task.
4. Then they have a technical interview (I’m not sure what’s the point of this interview now when you’ve tested the candidate plenty?) This step went pretty well too actually.
5. Then there’s another interview with the CTO and whatever for idk what purpose.
6. Then there’s reference checks and an offer based on that. Very tiring.
They rejected with a generic email after step number 4. The HR was so insistent on learning the expected salary before moving forward and honestly, for such a tiring process they’re paying a very small number!
I asked for some feedback and never heard back from them.
Interview questions [1]
Question 1
What are JWTs used for? Authorization or Authentication?