The Security Engineering Assessment is intended to be used as one of the first interview rounds to effectively capture signal on general core skills typically needed for a security engineering role.
At a high level, security engineers are technical generalists who are also adept at learning quickly and collaborating with others. The amount of code a security engineer is expected to write varies from role to role, but the questions in this assessment are designed to holistically measure a candidate's technical and teamwork-oriented skills.
Part 1 - Security Design Review (40 minutes)
A document writing exercise where candidates can edit and contribute to technical documentation. They can collaborate with teammates and demonstrate their ability to communicate via document comments.
Skills Measured
Security Frameworks & Compliance
Application Security
Threat Intelligence
Network Security
Incident Management
Innovation
Collaboration
Communication
| Focus Areas | Context and Question | Evaluation Criteria |
| --- | --- | --- |
| Designing Secure Systems | Candidates will be asked to collaborate on a security design document for a new feature and provide recommendations on its security posture. | Candidates are expected to address all the major shortcomings of the proposed feature and provide well-reasoned alternatives. |
| Navigating Business Requirements | Candidates will collaborate with stakeholders and propose security best practices while considering the stated business goals. | Candidates are expected to promote security best practices while balancing organizational constraints and will be measured by their ability to clearly explain their reasoning. |
Part 2 - Code Implementation and Code Security Review (70 minutes)
A code editor exercise where candidates can edit and contribute to a complex multi-file code base and can provide technical security feedback and guidance to teammates.
Skills Measured
Network Security
Technical Reasoning
Code Quality
Application Security
Productivity
Communicating Ideas
Data Structures & Algorithms
| Tasks | Context and Question | Evaluation Criteria |
| --- | --- | --- |
| Writing Code | Candidates will work on an open-ended coding task to automate the detection of network log anomalies. | Candidates are expected to complete this task by writing compilable code that clearly addresses potential security risks. |
| Code Security Review | Candidates will review a small, multi-file codebase authored by a teammate. They will be asked to comment on potential security vulnerabilities and provide feedback. | Candidates are expected to provide effective, targeted feedback that is actionable by their teammates and will be measured by the quality of their technical reasoning. |