Interview Prep for Security Engineer Roles
So do you wanna be a Cyber Security Engineer and wondering what concepts you need to prepare to be fully ready and tackle the interviews, you have come to the right place.
Hello everyone, I am Bala Praneeth, a Master’s student in Cybersecurity from the University of North Carolina, Charlotte, and currently an Application Security Intern at IBM. Having been a victim of cybercrime in the past. I became determined to combat cyberattacks and improve cybersecurity for all. After facing numerous interview rejections, I have finally accepted an offer from U.S. Bank as a Security Engineer. However, I understand the challenges that come with preparing for security engineer interviews and hope to provide assistance through this blog.
Without further ado, let’s delve into the technical skills required for these interviews.
Technical skills:
Below mentioned are the key technical concepts I have prepared for an interview: Basics of Networking, Network Security, Linux foundational concepts, Windows basics, Python programming, Application security (OWASP Top 10), Penetration testing methodology and tools, Pivoting laterally and horizontally into a network, Active directory attacks, and defenses, ChatGPT.
Now let's take a look at each topic, in particular, to see what key concepts are needed for the interview preparation.
1) Networking basics: It is important to be clear with concepts like the OSI model, TCP/IP protocol suite, routing, switching, subnetting, Software Defined Networks, and VLANs as they are the basics and the core fundamentals of networking. It’s very important to also prepare how HTTPS/SSL/TLS works. I had questions on these in almost every interview. Knowing the common ports and services is mandatory.
2) Network security: Having a good understanding of firewalls, intrusion detection/prevention systems, VPNs, and network monitoring is very important, especially knowing the difference between Traditional and Next-Gen Firewalls is a huge plus. Once you are comfortable with these concepts you can focus on topics like Hashing, Digital certificates, digital signatures, and Encryption techniques.
3) Linux Foundation: As a security engineer it is very important to know and understand the working of Linux. Especially preparing the topics like basic Linux commands, working of a Linux file system, creating users and groups management, file/folder permissions, Basics of shell scripting, Linux inbuilt firewall (ufw, iptables), and the key differences between the /etc/passwd and /etc/shadow file might come in handy.
4) Python programming: Speaking about programming this doesn’t have an end when it comes to learning the concepts, I have always had the advice saying that “Coding is not required in Security, but it’s good to have”. I strongly believe that programming is required. I feel programming is nothing but solving puzzles, breaking down complex tasks into smaller tasks, this helps us to look at a problem from various perspectives to achieve a better solution. Working with strings in python, solving basic programs, displaying any school/work project knowledge, socket programming, at least one python framework to build websites (Django is the most popular), and projects consisting of any API development using python will be super handy.
5) Application security (OWASP Top 10): Speaking of the devil, coming to applications security the resources from Port swigger are well-versed and quite sufficient, I have divided this into three categories while preparing, these include: Server side vulnerabilities, Client side vulnerabilities, and advanced topics.
Server-side Vulnerabilities:
Client-Side Vulnerabilities:
Advanced Vulnerabilities:
Having a good understanding of these vulnerabilities and their respective mitigation techniques should be quite sufficient for the interview in the application security domain.
6) Pen-testing each service and port: Starting with pen-testing common ports and services and then moving on to privilege escalation can truly leverage your chances. Knowing the basic pentest methodology, how to attack services, Basic network pivoting, vulnerability scanning, solving boxes from Hack the box or Try hack me, and learning courses from TCM security (highly recommend Practical Ethical hacking course), this covers most of the technical concepts required for the interviews. These concepts should be sufficient and the key here is to understand vulnerabilities and mitigation techniques rather than replicate the lab scenarios. Attacking the Active directory environment would be a huge plus (Basic attacks like LLMNR poisoning, Pass the hash, SMB relay, etc)
7) ChatGPT: Last but not least the best resource would be ChatGPT. Consider this as your buddy and try asking questions on each topic if you are stuck, If I had a difficult time understanding a particular concept, I would ask a ChatGPT to explain like I’m 5 and then move my way along. Once you feel like are ready and well prepared, you can use ChatGPT, to act like an interviewer and ask you questions this would help clear any questions or concerns regarding a topic.
Finally, on the day of the interview, relax and keep a calm mindset, you have already been through the material several times, and dedicated those countless hours, it all boils down to the interview. Hope this guide helps. Good luck :)
If you guys enjoyed the blog a clap would mean so much to me. It keeps me motivated to post more content on Twitter and in blogs.
Networking-
Hope this write-up was helpful. Collaboration and networking are something that I have always enjoyed. Let’s connect.
Linkedin — https://www.linkedin.com/in/balapraneeth/
Twitter — https://twitter.com/Begin_hunt
Happy hacking !!!
If you have reached this far, thank you for reading this article. Kindly feel free to point out any mistakes and do let me know where I can improve in writing and explaining in detail. Appreciate it!!. All the best.
