I had a preliminary first-round interview with the recruiter for the Information Security team at Meta. The interview consisted of straightforward questions about my personal interests, my motivation for working there, a detailed review of the job requirements, and inquiries about my prior experience to determine if I met the prerequisites.
Interview questions [1]
Question 1
Why do you want to work at Meta? Why do you want to work as an Application Security Engineer? Going over each bullet point from the job description to see if I can meet that requirement.
This was a pre-screening interview with a non-technical recruiter on the phone. The interviewer just asked a little about my experience and then proceeded to ask me 3 technical questions. He/She wrote down my answers and told me those would then be sent to someone technical for evaluation.
I applied through a recruiter. The process took 5 days. I interviewed at Meta in Aug 2021
Interview
First interview was l33t code challenge 3sum problem. Unfortunately didn’t study for this programming problem and choked. Just memorize the top 25 hackerrank solutions or have them open in a document. Interview process is highly procedural.
Interview questions [1]
Question 1
No questions were asked during the technical round of the interview
I applied through a recruiter. I interviewed at Meta (Menlo Park, CA) in Oct 2020
Interview
They reached out to me as a Staff Engineer and put me in an interview with someone that asked me the most basic questions. It was like, what types of XSS are there? Why can't I use JavaScript to perform XSS on another site? Very junior questions.
Then they asked me one of those leet code questions because they said I would need to know how to code in order to patch vulnerabilities.
Anyway, I messaged them back before I got a yes or no and told them I wasn't interested.
My guess is I probably wouldn't have moved forward because of the coding question even though I've architected entire systems and solely maintained them in production for years.
When they asked me the Big O question I kind of shut down because it just told me that they don't have the capability to ask practical questions that relate to the role and just lazily throw in a question someone read in CTO magazine.
The security questions show me that this was either an entry level role or the interviewer thought that low hanging fruit is the biggest threat to web applications.
A more practical example would be showing me a crypto implementation, asking me what the threats are, is it implemented correctly, how would I fix it, and then have me actually fix it with an API provided. Instead I was being asked about why logins shouldn't be in a GET request.
The current process will produce candidates that have had a lot of schooling and little practical experience in truly securing organizations.
So, overall the experience was pretty negative. The interviewer also didn't have a personality. I felt like I was talking to a robot. I suppose it's better to stick with Security companies when you are in the security industry, I'm learning.
Interview questions [1]
Question 1
Take an integer array of unknown size and return true if any 3 numbers add up to 0