The interview was normal and asked expected questions that you would except in an interview for security consultant. No surprises or tricky questions that you couldn't anticipate for the level of the interview
Le processus a pris 2 semaines. J'ai passé un entretien chez NCC Group
Entretien
It's an unpaid waste of time. They give you a week to fully audit a vulnerable web app, and if your report isn't exactly how they want it (they give confusing rules) they ask you to redo it. I wasted 15 hours between talking to these people and diagnosing their web challenge.
So here's what the web challenge is; Mantis Bug Tracker version .19. The admin credentials are administrator:admin, there are a few SQLI, a lot of XSS and some RCE. Also according to the hiring manager most successful applicants don't realize the vulnerable web app is mantis bug tracker (they make zero modifications) which is concerning since the version is plastered over every public copyright on the scripts. Really really bad hiring process.
Don't apply here unless you like doing unpaid labor. If you do use the above hints to make it go faster.
Questions d'entretien [1]
Question 1
Two pentest challenges, mantis bt and reversing a protocol (but I never got to do it)
J'ai postulé en ligne. J'ai passé un entretien chez NCC Group (Chicago, IL) en mars 2023
Entretien
Practical Assessment and hiring manager discussion. You will get the decision within a week. The practical assessment contains all OWASP 10 vulnerabilities. Hiring manager round discussion depends on the manager
J'ai postulé en personne. Le processus a pris 3 semaines. J'ai passé un entretien chez NCC Group (Manchester, Angleterre) en juill. 2022
Entretien
One external recruiter and then a 2-stage process.
The first stage is internal HR.
The second stage is with the Hiring Manager.
Review my CV and discuss my experiences: nothing strange and a linear process.