
How Application Security Interviews Are Failing Security Engineers: A Look into Industry Practices

Original Post: Interview joke 2: Application Security (Prod. Sec) interviews are becoming joke (Security Engineers are trolled and wasted by companies) Part 2 | by Neelamegha Kannan S | Aug, 2024

The content is a critique of a job interview experience at a Log Analytics company for a senior application security engineer role. The author describes a two-round interview process:

  1. Round 1: A 20-minute online quiz with both relevant and irrelevant questions. The author was shortlisted for the second round.
  2. Round 2: An interview with a junior DevOps engineer, who lacked a security background and asked for a resume walkthrough and reasons for job changes. This round included a Capture The Flag (CTF) task that involved hacking a login page, which the author found unrealistic and unrelated to actual pentesting.

The author expresses frustration with the interview process, particularly that a junior DevOps engineer conducted a security interview and that the CTF task was impractical. The scenario required accessing an admin page without any request body, which the author finds nonsensical.

Despite being highly experienced, with certifications and an extensive pentesting background, the author felt their skills were not adequately assessed. They criticize the company for wasting time and designing an interview process that does not accurately evaluate the skills needed for the role. The author concludes by dismissing such companies as undeserving of skilled professionals.
