Cigital Security Consultant Interview Questions | Glassdoor

Cigital Security Consultant Interview Questions

6 Interview Reviews

Interview Experience

60%
20%
20%

Getting an Interview

40%
40%
20%

Interview Difficulty

3.2
Average



 

Security Consultant Interview

Anonymous Interview Candidate in New York, NY
No Offer
Negative Experience
Average Interview

Application

I applied online. The process took 5 weeks. I interviewed at Cigital (New York, NY) in April 2016.

Interview

You speak to an assistant to set up the first interview; the first interview is to gauge your knowledge about application security, and the 2nd interview is the same. You might speak to someone with an Indian accent, and have a difficult time understanding what they are saying like I did, so just ask them to repeat what they said because your phone signal is cutting out.

Basically they go over a list of vague SQL-related questions, and act like application security is the be-all and end-all of security, even though network security is the only real security.

Interview Questions

  • Here are the 2nd interview questions

    How are passwords supposed to be stored? I answered Triple DES because that's the DoD standard until 2030; this is the wrong answer. They will then ask you how the encryption handshake happens between host and server.

    The 2nd question was vague: if you're in an application, what would you search for? I think this was related to SQL injection; I wasn't sure.

    3rd question: if I pull a username and password from an SQL database, what can I do with it?

    The two people interviewing you don't really know much about pen testing; they're just going over a script that was given to them. I asked some questions about cloud security and a few other things they didn't have an answer for. I even demonstrated my knowledge about attacking, which they aren't interested in, because they don't actually attack anything; they just run scripts.

    They seem like some company that just cold calls banks and tells them they need to pay for a pen test on their software, pretty straight forward skid company. The CEO Gary Mcgraw has some pod casts that suck, and he has done some videos about his company and the "OWASP top 10" which is some skid term for the top 10 application security vulnerabilities. Also he doesn't seem like he really likes hackers, or that we're able to make money. He calls hackers that are white hat "reformed" implying we're criminals, he then proceeds to bash us on how much money we make trying to jew us down from 10k to 7k to 4k for a penetration test.

    I didn't get an offer because I don't have the experience.

    By the way, they don't have a SharePoint or work wiki knowledge base, so avoid asking; this will trigger them. Also, it took them 2 weeks to follow up with me to let me know I didn't get the 3rd interview, so don't wait around.

Other Interview Reviews for Cigital

  1.  

    Security Consultant Interview

    Anonymous Employee in Bloomington, IN
    Accepted Offer
    Neutral Experience
    Average Interview

    Application

    I applied through college or university. The process took 2+ months. I interviewed at Cigital (Bloomington, IN) in January 2015.

    Interview

    1 : HR call around 30 min

    - general questions like: why Cigital? why security?

    2 : software security written test which you have to mail back in given time.

    - this is easy if you already know some application security concepts

    3 : two technical phone interviews

    - If you have clear concepts in OWASP Top 10, you should not have any problem in these.

    4 : Onsite, 2 back to back technical interviews with senior security consultants.

    - In-detail questions regarding OWASP Top 10, cryptography and how modern webapps work

    5: Onsite, interview with manager

    They sometimes delay your interview feedback.


  2.  

    Security Consultant Interview

    Anonymous Employee
    Accepted Offer
    Positive Experience
    Average Interview

    Application

    I applied through a recruiter. The process took 2+ months. I interviewed at Cigital in May 2014.

    Interview

    Had email contact from their recruiter via LinkedIn. Talked with the recruiter and then went through four phone tech screenings. These were less technical than I had expected but covered my experience in the software security field and information security field pretty well. Feedback generally came within a few days and then the next call would be scheduled until the four were done. After passing those I was flown into the corporate HQ where I talked with three more employees. One more about how they managed their employee assignments and career management and where I'd like to go and two more technical interviews.

    Interview Questions

    • No specific difficult questions but they did ask about areas I had little or no experience in or had not touched for some time. They weren't looking for knowledgeable answers as much as assessing the thought processes.
  3.  

    Security Consultant Interview

    Anonymous Interview Candidate in Dulles, VA
    Declined Offer
    Positive Experience
    Average Interview

    Application

    I applied online. The process took 4 weeks. I interviewed at Cigital (Dulles, VA).

    Interview

    There was an initial skills test (find the bugs/security vulnerabilities/etc.), followed quickly by an HR screen, followed quickly by two technical screens with existing consultants. After that, they quickly moved to have me on-site for another set of interviews. The onsite interviews consisted of three sessions, the first two focusing more on technical skills, and the last with a manager which focused more on the candidate's specifics. The whole process took the whole day. Overall, impressions of the employees were very positive -- specifically the manager.

    Interview Questions

    • Some of the personal questions were challenging, but the behavioral and technical questions were nothing unexpected (though they were pretty thorough)

    Reasons for Declining

    After reflection, I realized I didn't want to travel as much as I would need to. Additionally, the salary was not compelling enough for me given the cost of living in the area.

  4.  

    Security Consultant Interview

    Anonymous Employee
    Accepted Offer

    Interview

    Basic SDLC knowledge and strong security knowledge asked for

  5.  

    Security Consultant Interview

    Anonymous Employee in Sterling, VA
    Accepted Offer
    Positive Experience
    Difficult Interview

    Application

    I applied through a recruiter. The process took 5 weeks. I interviewed at Cigital (Sterling, VA).

    Interview

    In a word: tough
    Recruiter was persistent, finally decided to talk to the person who'd been chasing me down for 2 years. She seemed to think the travel wouldn't be as much as it used to be, and so far, I've barely had to travel. The tech folks were tough. But I persevered!

    Interview Questions

    • Too many to list or that I care to remember. Plus, I don't want to list any here for fear that they'll likely be used again.

    Negotiation

    Professional. Got what I needed to make a sensible move from my old, rather dull, job.
