J'ai postulé via un recruteur. Le processus a pris 6 semaines. J'ai passé un entretien chez Synchrony (Stamford, CT) en juill. 2019
Entretien
This company has no integrity whatsoever. I was offered a role and after 3 weeks(i rejected all my other offers at hand at that point) i was told that the position is no longer available due to a budget freeze! After a day or so i was contacted about the same role through a different vendor and considering the security advances the first interviewer bragged about i wanted to work with their team so gave it another shot. Turns out their security team is a big JOKE!
This time after 3 successful rounds the last round was with two lead engineers- shame they are even called that. The interviewers were not qualified to be interviewing senior candidates they had at best diploma level security knowledge - i have no idea how their security team is even running with people like this? If you are a security professional please read the interview questions and decide for yourself if you want to get this low with this low level team.
Questions d'entretien [5]
Question 1
1.The technical leads asks me to explain attacker life cycle as to how he gets in to lateral movement. Then i start talking about MITRE matrix and then he cuts me off saying "oh that is only used after the attacker gets into the network"- what a shame! Security team that has no minimum knowledge! when in realty mitre has a pre-attack and post attack matrix. The attack framework talks about Techniques from initial access to command and control.
The interviewer talked about using brute force for lateral movement .. ->which is not stealth and most attackers do NOT use this technique instead they leverage existing tools on the network such as vulnerable remote access tools
They asked me about DLP triage and incidents-- no where in my resume nor requirements DLP was mentioned, which shows that they had no clue what they are even interviewing for?
Asked about privilege access .. when trying to explain from attacker perspective they cut me off to say in a large environment an attacker would use user accounts with lower privileges to admin accounts and then establish lateral movement - which is just one vector? I guess that is all he knew?
For initial access i talked about drive by downloads/watering hole techniques and methods to mitigate and detect it. After a while the other interviewer asks me - tell me a way an attacker from the outside would get into an organization?? well, drive by downloads is one such technique. I also mentioned valid accounts and spear phishing.
Also when i mentioned drive-by downloads the interviewer mentioned that this technique is after an attacker has access to the system (LOL *BANGS MY HEAD TO THE WALL*). This technique is USED for initial compromise. How are these people even security professionals?