common-security-interview-questions.md

File metadata and controls

53 lines (46 loc) · 2.6 KB

Common interview questions for security roles

How do you handle common scenarios?

  1. A developer security management issue comes up: what's your call?
  2. Technologies are changing; how comfortable are you?
  3. How do you keep yourself updated in the security domain?
  4. What personal achievement are you most proud of?
  5. Tell me one critical bug you found in the AppSec domain and one in the Infra domain.
  6. What would you do typically on the first day of your job?
  7. How will you scale the security scope for heavy application-focused projects?
  8. How will you convince the engineering team to fix the thousands of issues that your tool found?
  9. What security measures would you take from a data integrity perspective?

Questions that look easy but are challenging to answer

  1. What interests you about this role?
  2. What is your typical routine in the office?
  3. How do you keep your team updated with work, etc.?
  4. What would be your first 30, 60, 90 days goal for product security?
  5. Why are you looking for a change?
  6. What are your biggest strengths?
  7. What are your most significant weaknesses?
  8. Where do you see yourself in the next five years?
  9. Any serious issues you fixed or worked on in the last quarter or year? How did you resolve them? What did you learn from them?
  10. What are the significant challenges you have faced recently?
  11. What are your salary expectations?
  12. What are your career goals?
  13. What do you consider to be your most significant professional achievement?
  14. Describe your dream job.
  15. What is your leadership style?
  16. What questions do you have for me?
  17. What do you expect me to accomplish in the first 90 days?
  18. The market seems unstable; how do you keep the attrition rate low?

Security fundamentals questions:

  • Understanding of the OWASP Top 10
  • Crypto algorithms, primitives
    • Stream Cipher vs Block Cipher
    • Encryption vs Hashing vs Encoding vs Obfuscation
    • Why XOR is so important in cryptography
  • Network Protocols
  • Could you explain what is phishing? How can it be prevented?


Phishing is a social-engineering technique that deceives users into handing over their data. The attacker impersonates a genuine website, such as a Yahoo or Facebook login page, and asks the user to enter their account ID and password, which are then sent to the attacker instead of the real service.

It can be prevented by:

  • Filtering spam and known phishing mail before it reaches the user
  • Entering personal information only on secure (HTTPS) websites whose domain you have verified
  • Never downloading files or attachments in emails from unknown senders
  • Never sending financial information by e-mail
  • Being wary of links in e-mails that ask for personal information, and checking where a link really points before clicking
  • Never entering personal information into a pop-up screen
  • Using phishing-resistant authentication (hardware security keys / FIDO2), so a stolen password alone is not enough to log in
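Worked example for the crypto fundamentals bullets above (why XOR underpins stream ciphers and one-time pads, why keystream reuse is fatal, and how encoding, hashing and encryption differ). This is an added illustration written for this page, not code from the original list; the `keystream` function is a toy SHA-256 counter-mode construction chosen only so the example is self-contained (use ChaCha20 or AES-CTR from a vetted library in real code), and the messages are constructed samples.

```python
import base64
import hashlib
import secrets


def xor_bytes(data: bytes, keystream: bytes) -> bytes:
    """XOR each byte of data with the matching keystream byte."""
    if len(keystream) < len(data):
        raise ValueError("keystream must be at least as long as data")
    return bytes(d ^ k for d, k in zip(data, keystream))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 over key || nonce || counter, in counter mode.

    Shows the *shape* of a stream cipher (key + nonce -> long pseudorandom
    keystream). Illustration only, not a reviewed cipher.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption is just plaintext XOR keystream."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def stream_decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Decryption is the same operation: (p ^ k) ^ k == p because x ^ x == 0.

    This self-inverse property is the core reason XOR is everywhere in crypto.
    """
    return xor_bytes(ciphertext, keystream(key, nonce, len(ciphertext)))


def keystream_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """Why nonce/key reuse breaks a stream cipher or one-time pad.

    If two messages share a keystream k, then
    ct1 ^ ct2 == (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2:
    the key cancels out and the attacker gets the XOR of both plaintexts
    without ever learning the key.
    """
    n = min(len(ct1), len(ct2))
    return xor_bytes(ct1[:n], ct2[:n])


def classify_transform(data: bytes) -> dict:
    """Encoding vs hashing vs encryption applied to the same input.

    - encoding:   reversible by anyone, no key involved (base64)
    - hashing:    fixed length, deterministic, one-way (SHA-256)
    - encryption: reversible only with the key (stream cipher above)
    """
    key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(12)
    encoded = base64.b64encode(data)
    digest = hashlib.sha256(data).digest()
    ciphertext = stream_encrypt(key, nonce, data)
    return {
        "encoding_reversible_without_key": base64.b64decode(encoded) == data,
        "hash_length_fixed": len(digest) == 32,
        "hash_deterministic": hashlib.sha256(data).digest() == digest,
        "encryption_reversible_with_key": stream_decrypt(key, nonce, ciphertext) == data,
        "encryption_changes_bytes": ciphertext != data,
    }


if __name__ == "__main__":
    # Constructed sample messages, not real traffic.
    key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(12)
    p1 = b"transfer 100 USD to alice"
    p2 = b"transfer 900 USD to mallory"
    c1 = stream_encrypt(key, nonce, p1)
    c2 = stream_encrypt(key, nonce, p2)  # deliberate mistake: same key + nonce reused
    print("round trip ok:", stream_decrypt(key, nonce, c1) == p1)
    leaked = keystream_reuse_leak(c1, c2)
    n = len(leaked)
    print("ct1 ^ ct2 == p1 ^ p2:", leaked == xor_bytes(p1[:n], p2[:n]))
    print(classify_transform(b"secret"))
```

In an interview, the point to land is the middle function: a stream cipher is "XOR with a keystream", which is why it is fast and self-inverse, and exactly why reusing a keystream (the same key and nonce) hands an attacker `p1 ^ p2`. A block cipher, by contrast, applies a keyed permutation to fixed-size blocks and needs a mode of operation (CTR turns it into a stream cipher; ECB leaks repeated blocks).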