Domande di colloquio per Cyber Threat Analyst di Synchrony

Passa al contenuto Passa al piè di pagina

Synchrony

Colloqui

Colloquio per Cyber Threat Analyst

9 ago 2019

Candidato anonimo a colloquio

Le migliori aziende per "stipendio e benefit" vicino a te

Standard Chartered Bank

3.5★Stipendio e benefit

Barclays

3.8★Stipendio e benefit

Absa

3.8★Stipendio e benefit

Standard Bank Group

4.0★Stipendio e benefit

Ricerche correlate: Recensioni su Synchrony | Offerte di lavoro di Synchrony | Stipendi di Synchrony | Benefit di Synchrony

Colloqui di Synchrony Colloqui per Cyber Threat Analyst presso Synchrony Colloquio di Synchrony

Colloquio

This company has no integrity whatsoever. I was offered a role and after 3 weeks(i rejected all my other offers at hand at that point) i was told that the position is no longer available due to a budget freeze! After a day or so i was contacted about the same role through a different vendor and considering the security advances the first interviewer bragged about i wanted to work with their team so gave it another shot. Turns out their security team is a big JOKE! This time after 3 successful rounds the last round was with two lead engineers- shame they are even called that. The interviewers were not qualified to be interviewing senior candidates they had at best diploma level security knowledge - i have no idea how their security team is even running with people like this? If you are a security professional please read the interview questions and decide for yourself if you want to get this low with this low level team.

Domande di colloquio [5]

Domanda 1

1.The technical leads asks me to explain attacker life cycle as to how he gets in to lateral movement. Then i start talking about MITRE matrix and then he cuts me off saying "oh that is only used after the attacker gets into the network"- what a shame! Security team that has no minimum knowledge! when in realty mitre has a pre-attack and post attack matrix. The attack framework talks about Techniques from initial access to command and control.

Rispondi alla domanda

Domanda 2

The interviewer talked about using brute force for lateral movement .. ->which is not stealth and most attackers do NOT use this technique instead they leverage existing tools on the network such as vulnerable remote access tools

Rispondi alla domanda

Domanda 3

They asked me about DLP triage and incidents-- no where in my resume nor requirements DLP was mentioned, which shows that they had no clue what they are even interviewing for?

Rispondi alla domanda

Domanda 4

Asked about privilege access .. when trying to explain from attacker perspective they cut me off to say in a large environment an attacker would use user accounts with lower privileges to admin accounts and then establish lateral movement - which is just one vector? I guess that is all he knew?

Rispondi alla domanda

Domanda 5

For initial access i talked about drive by downloads/watering hole techniques and methods to mitigate and detect it. After a while the other interviewer asks me - tell me a way an attacker from the outside would get into an organization?? well, drive by downloads is one such technique. I also mentioned valid accounts and spear phishing. Also when i mentioned drive-by downloads the interviewer mentioned that this technique is after an attacker has access to the system (LOL *BANGS MY HEAD TO THE WALL*). This technique is USED for initial compromise. How are these people even security professionals?

Rispondi alla domanda

Synchrony

Colloquio per Cyber Threat Analyst

Le migliori aziende per "stipendio e benefit" vicino a te

Aziende seguite

Ricerche di lavoro

Le migliori aziende per "stipendio e benefit" vicino a te

Colloquio per Cyber Threat Analyst