First round : technical telephonic
Second round: technical
Basic application security questions are asked. OWASP top 10, xss, SQL, csrf, session related, privilege, idor, audit logs, scenarios, payloads, burp suite, http headers, project handling, etc.