I applied online. The process took 3 weeks. I interviewed at NuHarbor Security in Jul 2022.
Interview
To my surprise, the interviewers were 100% against “stump the chump” questions. The interview was scenario-based. The interviewers acted as if they (two individuals) were a SIEM and presented me with the following scenarios:
Intent: Talk through my thought process step by step as if I were using the SIEM in person; I was allowed to use OSINT/Google.
Interview questions [1]
Question 1
1. You are an L2 SOC Analyst. You receive an alert that a user logged in / successfully authenticated from Greece but normally logs in from Texas. How would you investigate this?
a. I asked: what type of logs do I have access to? Office 365
b. Am I the first person to investigate or has it been elevated to me? First person
c. After investigating the logs, have there been signs of multiple login attempts? User1, User01, user_1? No, it was a legit login
d. No, but what are those called, what type of attack? Brute force—credential surfing
e. How did the user authenticate? RSA
f. Is this the first time the user logged in from a different location? Yes
g. VPN used? No
h. The scenario ended with me saying “I am stuck and unsure what to do next, I would gather my notes and send it to a teammate for guidance/assistance”
2. You are an L2 SOC Analyst. You received an email from a third-party vendor. The vendor software was just installed and it is in detention mode. Why did the email land in your inbox? How would you investigate?
a. First, I would look at the email details: message ID, date/time, from, to, SPF, DKIM, DMARC for further analysis. – All the email details are legit
b. Next, I would investigate the IP address to see if it is legit. The IP is legit.
c. Does the email have any attachments? No
d. Phone numbers or misspellings? No
e. The scenario ended with me saying “I am stuck and unsure what to do next, I would gather my notes and send it to a teammate for guidance/assistance”