Facebook Interview Fail - Privacy Engineer

So after the feedback that I did very well on the secure design exercise and passed the behavioral and code rounds, I was below their threshold (more like an IC/E5) on my pirate (think like an attacker) and design review rounds. Any advice on where to get training for these items since it's not work I commonly do at my current position? (Outside of getting an OSCP or OSWE) Disappointed, but at least I know where to focus on. Have an interview with Proserve and Fortinet coming up and just want to do real hands-on security engineering work. :( #cybersecurity #security #interview TC: 205k, 20 yoe

Oscar HsCJ30 Aug 18, 2022

Is an OSCP relevant to a privacy role at Meta? I ask because I'm interviewing for a privacy pgm position at Meta but come from a security background. The role sounds cool but not sure I want to lose my security skills.

Slalom Consulting OfcMurphy OP Aug 18, 2022

If you're doing the red team or code audit privacy engineering position, one of the interview rounds is "adversarial mindset". Not enough to just know what happened in the 45 minutes, you need to tell them ways to fix it.

OpenText Slattt69 Aug 22, 2022

Just study OWASP deep dive

Amazon fancyPanda Aug 20, 2022

What did they ask in system design rounds? Was it similar to security system design round?

Slalom Consulting OfcMurphy OP Aug 20, 2022

Signed an NDA and can't divulge specifics, but they cared less about scalability (DDIA) and more about security and data (minimization and security).

Slalom Consulting OfcMurphy OP Aug 21, 2022

Also, I had an interesting email today. Evidently, someone in the process recommended me for a security engineer position rather than privacy. Apparently, I interviewed well enough that the cool down period didn't apply!

RSM Taradiddle Aug 21, 2022

Appreciate the consistent updates!

Slalom Consulting OfcMurphy OP Aug 21, 2022

Happy to! It genuinely seemed like an interesting position if you are privacy forward and want to do product privacy from end to end. I normally wouldn't be upbeat on Meta as a whole, but everyone I interviewed with was very sharp!

Roblox SpiegelMon Aug 22, 2022

Why would someone ever want to work at Meta for Security/ Privacy lol.

Oracle l00tb0x Aug 22, 2022

To actually implement some?

Roblox SpiegelMon Aug 22, 2022

That would actually require some ethics at the C-level to do properly

Krab Aug 22, 2022

There were coding interviews? :(

Blue Origin disreason Aug 22, 2022

Most FAANG companies (and ones who emulate them like Snapchat/Roblox/etc) do coding rounds for anyone doing security these days, despite most security engineering work never touching any code unless you're AppSec. I'm talking things like IAM, and corporate security (sysadmin security) are including coding rounds. In a lot of cases it's bullshit gatekeeping because the role doesn't actually need it, but that's the sad reality.

Airbnb kuYd36 Aug 22, 2022

I work in a non appsec security role and touch code every day :/

T-Mobile Spider🥤 Aug 22, 2022

Their interview process is broken! You are better than Meta, try another company!

Synopsys YNv2Ek Aug 22, 2022

Why would a privacy engineer need to code? Automate, maybe yes. But companies like Meta are setting the wrong precedent by asking security folks to go through leetcode interviews.

T-Mobile Spider🥤 Aug 22, 2022

Yes, they are losing lots of great candidates because of this broken process and unrelated requirements!

Synopsys YNv2Ek Aug 22, 2022

> I was below their threshold (more like an IC/E5) on my pirate (think like an attacker) and design review rounds

How's your threat modeling and attack simulation experience? If it is close to 0, it's going to be difficult just reading up on the strategies and then attempting these interviews. Unfortunately security engineering is not like software engineering, and a lot of times actual experience is what will get you through the interviews. Many candidates from security consulting background or many candidates that have just limited security engineering experience usually get down-leveled, which is okay and helps in the long term. You might want to think of some similar strategy if you're trying to just break into security engineering.

Slalom Consulting OfcMurphy OP Aug 22, 2022

I'm currently doing threat modelling and AppSec at my current client. Less threat hunting and more PoC, automation, and tooling.

Twitter wags205 Aug 22, 2022

We are hiring at Twitter for Privacy Engineers. I know the Elon threat is looming but our WLB is second to none. DM me for referral if interested.

Amazon fancyPanda Aug 22, 2022

Do you hire in Canada?

Twitter wags205 Aug 22, 2022

Yeah. DM me

This comment was deleted by the original commenter.

Slalom Consulting OfcMurphy OP Aug 22, 2022

Basically, it was a mix of I code to response and "Here is a crappy codebase, what changes would you recommend to secure the application?" Nuking it from orbit should have been the only acceptable answer.

Slalom Consulting OfcMurphy OP Aug 22, 2022

*incident response