The Process

Find the Vulnerability

Most places, for application security engineer interviews, will give you a code snippet during the interview and ask you to find vulnerabilities in it. To throw a few out there: integer overflow into malloc that is then strcpy’d into, use-after-frees, XSS, SQLi, directory traversal, bad random number generation; mostly simple stuff. Some will ask, “How would you prioritize fixing these vulnerabilities?”, which is equally straightforward.
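To make the first item in that list concrete, here is an added practice snippet (not from the original post or from any real interview) showing the bug next to a hardened version. The function names and the 16-bit size type are assumptions, chosen so the wrap-around is easy to see.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size the vulnerable version passes to malloc: the sum is truncated to 16 bits. */
uint16_t vuln_alloc_size(size_t name_len, size_t value_len) {
    return (uint16_t)(name_len + value_len + 2);      /* +2 for '=' and NUL */
}

/* VULNERABLE (review target): once the lengths total more than 65533 the
 * size wraps to a small number, yet strcpy/strcat still copy every byte. */
char *join_vulnerable(const char *name, const char *value) {
    char *out = malloc(vuln_alloc_size(strlen(name), strlen(value)));
    if (out == NULL) return NULL;
    strcpy(out, name);                                /* heap overflow when wrapped */
    strcat(out, "=");
    strcat(out, value);
    return out;
}

/* HARDENED: size_t arithmetic, explicit overflow check, length-bounded copies. */
char *join_checked(const char *name, const char *value) {
    size_t n = strlen(name), v = strlen(value);
    if (n > SIZE_MAX - 2 || v > SIZE_MAX - 2 - n) return NULL;
    char *out = malloc(n + v + 2);
    if (out == NULL) return NULL;
    memcpy(out, name, n);
    out[n] = '=';
    memcpy(out + n + 1, value, v + 1);                /* copies the NUL too */
    return out;
}

int main(void) {
    char *kv = join_checked("user", "alice");         /* constructed sample input */
    if (kv == NULL) return 1;
    printf("%s\n", kv);
    printf("16-bit size for 65530 + 10 byte inputs: %u\n",
           (unsigned)vuln_alloc_size(65530, 10));
    free(kv);
    return 0;
}
```

When reviewing a snippet like this, check the type of every value that reaches an allocator before reading the copy calls that follow it.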

Coding Screen

What’s a duck type?

What’s the difference between an iterator and an iterator? Know how to implement either.

Certain modules come up frequently. In Python, for example, these are requests, csv, time, os and file operations.

Just go on a bunch of interviews at companies you can’t or don’t want to work at. It’s the best way to practice, because otherwise you’re not under the somewhat unrealistic pressure and not put on the spot.

Know one language and know it well!

Know recursion, BFS and DFS. Some companies also ask about Big O.

Sample questions follow. There are solutions for some of them, but you shouldn’t look at any of the solutions before writing your own.

  • Write a function that returns whether or not a number is a power of 2.
  • Create a linked list that supports add and remove. Numbers are added in ascending order, so if the list was 1,3,5 and 4 was added it would look like 1,3,4,5.

  • The recursion chapter of Cracking the Coding Interview.
  • You are tasked with designing software that runs and controls elevators. Explain the defaults for all options available in your implementation. What safety precautions do you have to build in? What interfaces and class objects would you use? What configuration options would you need for the software to work in skyscrapers, buildings with only one elevator, and buildings with banks of elevators? How would these use cases change the objects and interfaces in your design?
  • How do you find all the permutations of a string? What is the running time?
  • Now imagine that the string has repeating characters. How could you modify your solution so it would only find unique permutations as efficiently as possible?
  • Implement a game of tic-tac-toe. How do you represent the game board? What interfaces do you expose?
  • Write a function that takes two strings as arguments and returns a string containing only the characters found in both strings. Have them write 2 versions – one that is O(n) and one that is O(n^2).

If they tell you the answer instead of nudging you, you failed it. I’m sorry.

Manager Interview

They’ll mostly open it up to you to ask questions. This is where you must show an interest and that you’ve done your homework, even more so than in the other interviews.

End of the interview

If the team lead says “We’ll reach out” right before you leave, you got it!

Miscellaneous Advice

  • Don’t put a language you only have experience reading on your resume, unless it’s assembly.
  • Don’t reflexively say “I don’t know”, you may just not understand the question. Ask, “Can you rephrase the question?”
  • Never. Ever. Mention where else you’re interviewing.
  • Interview for fun, if you can. Can’t work on the East Coast? Have some practice rounds there first. Just don’t let the recruiters go crazy trying to offer you money when you’re not really interested, unless you can use that offer to negotiate with a good company.
  • Come prepared with a list of questions customized for each person. Ask tons of questions to show you’re interested and have thought a lot about the position and company.