The Security Engineering Assessment is intended to be used as one of the first interview rounds to effectively capture signal on general core skills typically needed for a security engineering role.
At a high level, security engineers are technical generalists who are also adept at learning quickly and collaborating with others. The amount of code a security engineer is expected to write varies from role to role, but the questions in this assessment are designed to holistically measure a candidate’s technical and teamwork-oriented skills.
Part 1 - Security Design Review (40 minutes)
A document writing exercise where candidates can edit and contribute to technical documentation. They can collaborate with teammates and demonstrate their ability to communicate via document comments.
Security Frameworks & Compliance
Context and Question
Designing Secure Systems
Candidates will be asked to collaborate on a security design document for a new feature and provide recommendations on its security posture.
Candidates are expected to address all the major drawbacks of the proposed feature and provide well-reasoned alternatives.
Navigating Business Requirements
Candidates will collaborate with stakeholders and propose security best practices while considering the stated business goals.
Candidates are expected to promote security best practices while balancing organizational constraints and will be measured by their ability to clearly explain their reasoning.
Part 2 - Code Implementation and Code Security Review (70 minutes)
A code editor exercise where candidates can edit and contribute to a complex multi-file code base and can provide technical security feedback and guidance to teammates.
Data Structures & Algorithms
Context and Question
Candidates will work on an open-ended coding task to automate the detection of network log anomalies.
Candidates are expected to complete this task by writing compilable code that clearly addresses potential security risks.
Code Security Review
Candidates will review a small, multi-file codebase authored by a teammate. They will be asked to comment on potential security vulnerabilities and provide feedback.
Candidates are expected to provide effective, targeted feedback that is actionable by their teammates and will be measured by the quality of their technical reasoning.