I applied online. I interviewed at Jane Street (New York, NY) in Jan 2019
Interview
First off prepare for several rounds of interviews which I think if a very dated practice. In a field as competitive as IT security and in a market with such a low unemployment rate I think you need to re-think this idea. In the time that they got through the first 2 rounds I have another company reach out with an offer and I never made it to the in-person interview stage,
The first interview was a waste of time. I found out nothing about the position and it felt more like a psych screen than anything else. I think that is normal but there is no reason why the first 5 minutes of the interview can't be that and then move onto something more technical. The second interview was with someone in England, whose accent was so thick I had to ask him to repeat himself with nearly every question. He was condescending, totally not self-aware and had no business being an interviewer. The skillset in the job description had no bearing on the line of questions he was asking me. He proceeded to "engage in an intellectual discussion about the efficacy of 2FA" seriously? You are interviewing me for a 150k + role and this is what you want to talk about???
When I asked questions I found out that every piece of software they work with is proprietary, down to their email service. In the age of Saas services as advanced as Office 365 and Gsuite, writing and maintaining your own email server is nothing short of insane. I don't care what level of precaution you take, you not achieve a better level of security than the big boys so why waste resources on nonsense like this. Their phishing simulation software? why use knowbe4 when you can write that yourself too. In short, taking this position would be the equivalent of career suicide. Next interview I would go to several years later they would ask, what have you worked with lately? my answer" "everything is proprietary", Interviewer: "thanks and have a nice day". If you are a software developer this is a great place to go work, you will get a ton of experience because everything is made in house or based on opensource and customized. If you are an infrastructure guy my advice is to stay far away for the same reason.
Interview questions [1]
Question 1
what if i said i didn't want to use 2FA because all my passwords were unique and I was good at identifying phishing attempts.
I applied online. The process took 2 weeks. I interviewed at Jane Street (Hong Kong)
Interview
1. screening interview: No need to talk just tell you about the position, make sure you're interested etc. 2. technical questions from cybersecurity undergrad courses (see below) 3. Coding interview, they share a page and ask you questions you code and talk through it together (they dont run the code) 4. On site interview with 3 hour-long rounds, including things like questions similar to round 1, table top exercise, secure system design, maybe another coding question.
Interview questions [5]
Question 1
General guidelines for password hygiene and recommendations: what makes a password strong, how can we estimate the complexity of the password
2FA Methods and technicalities: For TOTP based 2FA how does the secret become the code that changes often How does it account for differences in time between the client and server
Typical website authentication flow: typical flow of data when a user navigates to a website and enters their user/password token call a post / get http request and why?
Coding q: get list of events with failed logins. We want to decide if we should raise an alert or not. Then gets more complex by adding users in events, and finally timestamp (only raise an alert if concurrent failed password by same user in given timestamp)
I applied online. The process took 2 weeks. I interviewed at Jane Street in Aug 2018
Interview
Before the interview, a chat was preceded about the company, the role and if you are a fit with their working environment, ethics, principles and how the hiring process goes.
The interviewers were friendly, process was fast. Unfortunately, I did not make it past the first round. The HR forgot to follow up, I learnt the result after I inquired them about the outcome.
Interview questions [1]
Question 1
Basic security questions about password hygiene, they try to probe about your stance in applying "best" practices in the field. The questions were open ended, and not of increasing difficulty. I felt that they were not prepared to argue about policies and choices, rather than confirming their own biases.