Security Interview - Candidate Handbook

The Interview process for the cyber security role comprises of 5 rounds: 4 - Technical and 1-
Managerial

Technical Round - 1

Objective The knowledge, skills, and abilities needed to understand the purpose and function
of cybersecurity technology & processes, including tools and systems.

Domains ● Network architectural concepts and topology understanding

● Networking concepts, protocols,flows, network security methodologies
and its implementation
● Cloud-based knowledge management technologies and concepts related to
security, governance, procurement, and administration
● Concepts related to Cloud Security and Azure Cloud Networking
● Understanding of Network Security Models, ability to identify Gaps in the
implementation, operations of the Network Security Devices
● In Depth understanding of VPNs (IPSec , SSL )
● Security system design tools, methods, and techniques
● Perform Network Level Security Assessments and identify new emerging
security issues, risks, vulnerabilities and its applicability to the Flipkart
Ecosystem
● Ability to identify network based adversaries in the Flipkart Network
● Hands on knowledge of commonly used tools like Wireshark , Nmap,
Hping, tcpdump, dig etc.
● New and emerging cybersecurity technologies and trends into proposed
solutions
● Incident response strategy and plan to limit incident effects to Flipkart
Ecosystem and working on the remediation plans
● Adversary tactics, techniques, and procedures (TTPs)

Technical Round - 2 (CTF)

Objective The knowledge, skills, and abilities needed to protect, detect and respond to cyber
threats with advanced tools and systems along with simulation (CTF)

Domains ● Processes for incident response along with playbooks

● Simulation of incident response and coordination with internal and
external stakeholders
● Cyber defense techniques and tools on information technology
● Cyber defense mitigation techniques and vulnerability assessment tools,
including open source tools, and their capabilities
● Intrusion detection methodologies and techniques for detecting host and
 network based intrusions via intrusion detection technologies
● Identifying capturing, containing, and triaging network security incidents
● Ability to categorize security events and assign and work for further
analysis, response, or disposition/closure
● Advanced threat hunting / triaging using SIEM & technologies
● Ability to identify common threats or attack vectors in enterprise network
● Well versed with industry best practises for network security

Automation Round

Objective The knowledge, skills, and abilities to minimize testing time & human effort.

Domains ● Identify the test-cases in threat profiling that can be automated

● Transform data into various files/format for readability and analysis
● Implementation of automation in day-to-day task to reduce redundancy
● Integrate open source tools in our environment for testing
● Ability to create challenges for educating developers on vulnerabilities
and common implementation flaws
● Able to perform parsing of data in different formats like json, xml etc

Problem Solving

Objective Analyzes situations and solve problems by applying critical thinking in order to
resolve problems, and plan further courses of action and implement the solutions
developed in order to overcome problems and constraints

Domains ● Creates relevant options for addressing problems/opportunities identified

● Identifies the constraints and risks associated with the options identified
● Identifies and evaluates the advantages/benefits associated with the options
● Considers and evaluates the alternative courses of action identified
● Selects an effective option, based on the information available at the time
● Acts decisively by committing the option chosen to a course of action

Hiring Manager Round

Objective Hiring Managers evaluation based on energy level, product understanding, Self
Awareness, Passionate about work, sense of ownership