Senior security engineer Interview Questions
377
Senior Security Engineer interview questions shared by candidates
What sort of anomalies would you look for to identify a compromised system?
1 Answers↳
I used a whiteboard to draw out a basic network architecture including security technologies like IPS/IDS, Firewalls, AV, etc, and described the type of traffic and logs I could use to identify a compromised system. Less

They asked me about Linux OS.
4 Answers
Standard technical questions: I couldn't awnser them mainly due to the fact that I had never used the technology that they were looking for! Very frustrating. The interviewers asked my age very early on in the interview, and then laughed and joked about it when I told them.
2 Answers↳
As soon as the interview was over, I emailed the HR manager and explained my problems. I will not be interviewing with this company again, and indeed feel so strongly about the issues with this role that it motivated me to write a review. I have never written a review of a company before, this certainly took the bisquit for the worst interview i've ever done! Less
↳
Interviewed with them last year and had a very bad experience with one of their consultant. He was very rude, asked some questions and used to interrupt every 10 sec during the answer without even let me finalise the answer/concept. Less

They are so rigid in their interview process that I beleive they overlook talent and are focused on people passing Dr. Mercer's tests
2 Answers↳
three of the people I interviewed with were somewhat disgruntled with the company... overworked. Less
↳
At the end of a 3 hour interview that went perfectly, I was told I'd meet the president of the company. Prez came in and said, "I have 5 minutes." He showed me a bad photocopy of the company's core values... status quo. I said, Yes! I agree. He asked me, "The client is always right. True or false?" I said, "Well, the short answer is 'yes, of course! But for the past decades there's a much larger understanding of customer relationships... and it involves developing a partnership and strong supply chain" . They never called me to inform me of the interview result. I reached out the the company director who never took or returned my calls. No wonder that outfit had a non-stop search for production supervisors and process engineers. The company will be gone in a few years. Less

Generic questions about my life, how I react with others, in front of conflicts and a good amount of tech questions because the job is tech oriented.
2 Answers↳
None of the questions felt like being a trap or stupid questions like "name 3 of your weaknesses" (we all know in this situation you don't really know what to say..). I could answer honestly, discuss, and if I didn't know I felt I could say so. Less
↳
Any Specific questions?

How would I migrate very, very large (many TB) of user data from a bare-metal data center to AWS?
2 Answers↳
My preferred answer was a truck full of HDDs. Then I sketched out a way to do it in software. Less
↳
There's a lot of elements to typically cover in these questions, clarifications, scoping, making sure you're answering the actual question the interviewer is looking for you to answer, etc. Could be worth doing a mock interview with one of the Prepfully Mixpanel Senior Security Engineer experts... they've worked in the role so they clearly know how to get through the interview. prepfully.com/practice-interviews Less

How would you get metrics to measure the performance of the whole team?
2 Answers↳
Gave him quantitative and qualitative answers. He didn't like either answer.
↳
Look at KPI (key performing indicators) such as spend vs budget, track the volume of changes impacting deliverables, etc. Promote change, get innovated and strategically plan to to avoid spending over budget and Avoiding bottlenecks to name a few. Less

What are common webapp flaws? Explain. How to you secure platform X (with details)? How to do ensure security occurs before shipping the product, etc?
2 Answers↳
Injection vulnerabilities and cross-site scripting Broken authentication and session management Insecure direct object references Security misconfiguration Conclusion Less
↳
Injection vulnerabilities and cross-site scripting Broken authentication and session management Insecure direct object references Security misconfiguration Conclusion Less

Explain policy (refused to explain if this involves cyber security, Active Directory, firewalls, ...).
1 Answers↳
I provided answers for cyber security, Active Directory, firewalls, ...