Cigital Interview Questions | Glassdoor

Cigital Interview Questions

Updated Apr 27, 2017
69 Interview Reviews

Experience: 67%, 16%, 16%

Getting an Interview: 54%, 19%, 13%, 11, 1

Difficulty: 3.0, Average (Hard / Average / Easy)

Candidate Interview Reviews

  1. Helpful (1)  

    Associate Consultant Interview

    Anonymous Employee
    Accepted Offer
    Positive Experience
    Average Interview

    Application

    I applied through a recruiter. I interviewed at Cigital.

    Interview

    3 phases. 1st phase was normal phone screening, then pure technical for 45 mins, third stage is 2 video interviews. Later they called me on site. Overall process was easy and interviewers were friendly and patient. Just have strong hold on OWASP.

    Interview Questions

    • What is XSS, CSRF, SSL handshake, Cookie Management, etc

  2.  

    Associate Consultant Interview

    Anonymous Interview Candidate
    No Offer
    Neutral Experience
    Difficult Interview

    Application

    I applied through an employee referral. The process took 3+ months. I interviewed at Cigital in December 2016.

    Interview

    First was a simple HR phone screen with technical questions regarding Application Security. Second round was a technical exam testing if you could exploit/observe vulnerabilities in software snippets. As someone who had no background in application security, I had quite a difficult time.

    Interview Questions


  3. Helpful (1)  

    Associate Consultant Interview

    Anonymous Interview Candidate in Kearny, NJ
    No Offer
    Positive Experience
    Average Interview

    Application

    I applied online. The process took 2+ months. I interviewed at Cigital (Kearny, NJ) in September 2016.

    Interview

    It starts with an HR phone interview, then software security test, technical phone interview, WebEx interviews, followed by onsite. The HR phone interview will be very basic, just to check whether you are interested in software security and your knowledge about the company.

    Interview Questions

    • OWASP Top 10, practical scenario-based questions, cryptography. Injection, cross-site scripting, sensitive data exposure, CSRF, authentication and session management are important topics, and they want you to think as an attacker and a developer.

  5. Helpful (1)  

    Associate Security Consultant Interview

    Anonymous Interview Candidate
    No Offer
    Positive Experience
    Average Interview

    Application

    I applied online. The process took 2+ months. I interviewed at Cigital in May 2016.

    Interview

    I had an initial phone screening with the recruiter which lasted for about 10 minutes. It included general questions about the resume, my background. General security question. Then I had a first technical phone interview which lasted for an hour. I was asked in-depth questions about my projects and experience. Other questions were on OWASP Top 10, behavioral questions, cryptography. Some questions were like: If you are an attacker, how would you attack this particular attack? If you are a developer, how would you protect this particular attack? They basically wanted me to think as an attacker as well as a developer. It was a great experience, got to learn a lot. The interviewer was very positive, he knew a lot and was very kind. We had a good discussion. I was then invited for the second technical interview, but in the meantime my recruiter left the company, so I had another short interview/phone screening with my new recruiter. My new recruiter was exceptionally positive and kind, we had a great conversation. She is a very successful person with great experience, so I was very nervous, but she made me very comfortable. I now have my second technical interview next week. After that there will be one more onsite/video screening interview.

    Interview Questions

    • Questions on OWASP 10, CSRF, XSS, Buffer Overflow, Cryptography, Threat Vulnerability, Security of web applications

  6.  

    Intern Interview

    Anonymous Employee in Boston, MA
    Accepted Offer
    Positive Experience
    Average Interview

    Application

    I applied online. The process took 3 weeks. I interviewed at Cigital (Boston, MA) in May 2016.

    Interview

    - Screening call including basic questions about security,
    - Written exam code review (JAVA, C++, PHP) you can choose one language.
    - Phone interview (OWASP 10)
    - 4 consecutive on site interviews (OWASP 10, information security concepts)

    Interview Questions

    • Majorly, questions are related to OWASP 10 and some language specific issues (C#, JAVA)

  7. Helpful (2)  

    Associate Security Consultant Interview

    Anonymous Interview Candidate
    No Offer
    Neutral Experience
    Easy Interview

    Application

    I applied through college or university. I interviewed at Cigital.

    Interview

    The whole process was smooth. Though the company feels small, it feels vibrant and everyone was friendly. At the onsite interview, I met two people, and one was the manager of the branch. He also seemed to have technical knowledge, which I think will be a plus to work with.

    Interview Questions


  8.  

    Associate Consultant Interview

    Anonymous Interview Candidate in Dulles, VA
    No Offer
    Positive Experience
    Average Interview

    Application

    I applied online. The process took 3 weeks. I interviewed at Cigital (Dulles, VA) in April 2016.

    Interview

    The process so far has been in roughly three stages. The first was an HR screening over the phone. The second stage was two technical interviews, the first being basic and straightforward and the second being more advanced and free-form. The third stage is two video interviews.

    The College Recruiter was great and made the initial screening very easy. The Hiring Coordinator was very encouraging and prompt with getting back to me with any issues or questions, and with scheduling the interviews.

    Interview Questions


  9.  

    Security Consultant Interview

    Anonymous Interview Candidate in New York, NY
    No Offer
    Negative Experience
    Average Interview

    Application

    I applied online. The process took 5 weeks. I interviewed at Cigital (New York, NY) in April 2016.

    Interview

    You speak to an assistant to setup the first interview, the first interview is to gauge your knowledge about application security, the 2nd interview is the same. You might speak to someone with an Indian accent, and have a difficult time understanding what they are saying like I did, so just ask them to repeat what they said because your phone signal is cutting out.

    Basically they go over a list of vague SQL related questions, and act like application security is the be all end all of security, even though network security is the only real security.

    Interview Questions

    • Here are the 2nd interview questions

      How are passwords supposed to be stored? I answered Triple DES because that's the DoD standard until 2030, this is the wrong answer. They will then ask you how the encryption handshake happens between host and server.

      2nd question was vague: if you're in an application, what would you search for? I think this was related to SQL injection, wasn't sure.

      3rd question, if I pull a username and password from an SQL database what can I do with it?

      The two people interviewing you don't really know much about pen testing, they're just going over a script that was given to them, I asked some questions about cloud security and a few other things they didn't have an answer for. I even demonstrated my knowledge about attacking which they aren't interested in, because they don't actually attack anything, they just run scripts.

      They seem like some company that just cold calls banks and tells them they need to pay for a pen test on their software, pretty straight forward skid company. The CEO Gary Mcgraw has some pod casts that suck, and he has done some videos about his company and the "OWASP top 10" which is some skid term for the top 10 application security vulnerabilities. Also he doesn't seem like he really likes hackers, or that we're able to make money. He calls hackers that are white hat "reformed" implying we're criminals, he then proceeds to bash us on how much money we make trying to jew us down from 10k to 7k to 4k for a penetration test.

      I didn't get an offer because I don't have the experience.

      By the way they don't have a sharepoint of work wiki knowledge base so avoid asking, this will trigger them. Also it took them 2 weeks to follow up with me to let me know I didn't get the 3rd interview, so don't wait around.  

  10.  

    Associate Security Consultant Interview

    Anonymous Interview Candidate
    No Offer
    Positive Experience
    Average Interview

    Application

    I applied through other source. The process took 2 weeks. I interviewed at Cigital in March 2016.

    Interview

    The interview process consisted of a pre screening on phone with the Recruiter which was mainly to see the level of interest and knowledge about what the company does. This was followed by 2 technical phone interviews. The technical interviews also consisted of scenario based questions which really had no right answer. The interview experience was good although the second technical interview was tougher than I expected it to be.

    Interview Questions

    • Mainly about concepts in security and cryptography. Knowledge of OWASP top 10 is essential.

  11.  

    Software Security Interview

    Anonymous Interview Candidate in New York, NY
    No Offer
    Positive Experience
    Easy Interview

    Application

    I applied through college or university. I interviewed at Cigital (New York, NY) in February 2016.

    Interview

    I had applied through the Career Website of NYU and got a call for interview in approximately 8 days.
    The first interview was a basic HR screening interview, going over the basic application security, my interests in the field and general company related questions.
    Waiting for the decision on the next interview call.

    Interview Questions

    • Knowledge related to Penetration testing and other application security experience.
