IDS Security Analyst, what kind of interview questions to expect?
icezellion
Member Posts: 5
I was wondering if others at TechExams may know what sort of questions are asked for IDS security analyst roles. I am trying to get an idea of what to expect for entry to senior level positions. Would really appreciate any input on questions you've seen, heard of or know that are common! (The goal here is to get an idea of what sort of topics or subjects are usually focused on, since the field is so broad.)
Comments
-
ITcognito Member Posts: 61
This doesn't pertain particularly to an IDS position, but may interest you: Information Security Interview Questions
-
docrice Member Posts: 1,706
Here are some more:
http://www.activeresponse.org/20-questions-for-an-intrusion-analyst/
http://www.linkedin.com/groups/Entry-level-IT-security-analyst-4001765.S.5796106091322433538
We've also discussed this in the past:
http://www.techexams.net/forums/jobs-degrees/90294-security-analyst-interview-some-what-you-need-know.html
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
-
LionelTeo Member Posts: 526
Hi Ice,
It's more about showing you're prepared for the interview and being honest than getting the question correct. In any interview, there is a high chance that you will encounter a question you do not know the answer to; you should get used to giving a response like taking a short pause and then saying "I do not know about this, but I think it could be blar3".
I remember I once interviewed a candidate.
It went like this.
Me: "What is the difference between an IPS and IDS?"
Him: "IDS and IPS are <insert similarities>"
Me: "I want to know the difference between an IPS and IDS."
Him: "IDS and IPS are <insert similarities in a differently worded way>"
Me: "Let me rephrase myself: what strength does an IDS have that an IPS does not have, and what strength does an IPS have that an IDS does not have?"
The candidate kept quiet and did not know how to answer. Just to show an example: it's more important to focus on the correct answering technique; this is not a school exam where you have to get everything correct. The candidate would have presented himself better by starting off with a "don't know", then saying what he knows of IDS and IPS, while being honest that he does not know the difference.
Having been an interviewer before, and from an interviewer's standpoint, it's not really important how correct the candidate's answer is; even if the candidate does not know the answer, it is possible to train the candidate up to fit into the work. However, if a candidate tries to smoke and be evasive, he would possibly pose a problem to other teammates and the operation if he is selected. Imagine him presenting a report with inaccurate figures and trying to claim it's correct! Even a candidate who comes straight out and says he doesn't know, although not the best answer, still fares better than a candidate who tries evasive methods in answering a question.
Aside from that, a few important areas, as I understand them from an interviewer's perspective, would be:
1) Is the candidate prepared? This is generally based on your responses to general interview questions.
2) Is the candidate trying to evade questions or being dishonest? This is usually checked via background checks, interview questions on your background, and seeing how you answer a difficult technical question.
3) Can the candidate think under stress? This is usually a scenario-based question that asks you for a judgement. For example, do you think investing 1/2 million in DDoS protection is worth it?
As a candidate, you should also evaluate the company while the company evaluates you. It's very hard to check for culture flaws. But from experience, I would say:
1) Research: www.glassdoor.com can give you a good insight into almost every reasonably large company.
2) Flexible or fixed hours? Flexible means you only have to clock 40 hours per week, while fixed is a standard 9 to 6 timing. Try to find this online instead of asking the interviewer.
3) Lunch time: if it's fixed hours, and your interview is near lunch, what time do people go and come back for lunch? Is the company very strict on this? Good signs are people coming back at 2:30pm or leaving early for lunch.
4) For flexible hours, people would go for a quick lunch and come back because they want to go home early; a good way is to observe the number of people in the office after 4:30pm if your interview is scheduled late.
5) Observe the interview; the interviewer is usually your hiring manager. Does that interviewer get into an 'out of topic' discussion with you?
Out of topic discussion is very important in an interview. If you had an out of topic discussion with the interviewer, you are really lucky and can say you have a good chance of working under a good manager.
Let me relate to you another of my experiences. I once had two companies making me offers at the same time; one was possibly higher (but more stressful), while the other offered earlier and seemed more culturally good to work in. I did not know how to choose; eventually I took the lower salary because it seemed more like the environment I wanted to work in. One thing I noted about the other company's hiring manager is that I did not have any out of topic discussion with him. Basically everything was like an exam question and fill-in-the-blanks style. When I asked a question he simply gave the answer to the point. Not that it's bad, but it would be really hard to develop a relationship with the hiring manager if he is very reserved.
On the other hand, with my current company, my hiring manager talked a lot during the interview, showed me around and told me about the structure without me asking. And my choice was right; during my work here, we have covered lots of topics, from dogs to martial arts, religion, politics and conspiracy theories, and it's really great working under a manager with whom you have lots of topics to share.
Anyway, I am done here and I wish you luck for the interview. I hope my response here is not wasted and could be of some help to you.
-
docrice Member Posts: 1,706
I'll also stress the point about being honest. Security professionals are a discriminating bunch by nature and we appreciate transparency. Any noticed attempt to downplay, evade, or mislead will very likely cost you the opportunity. Infosec is a wide field and it's unrealistic to expect a candidate to have all the answers. What we're almost always looking for are good fundamentals to build upon in addition to good communication skills, reasoning / insight, and the ability to research new things and apply them into the daily routine as the threat landscape evolves.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
-
icezellion Member Posts: 5
Thanks for the feedback. The URLs linked above were certainly useful. My goal was to get an idea of what sort of questions come up for junior to senior level IDS roles -- the depth of information and subjects is pretty vast; for example, I almost never hear questions such as 'analyze' this traffic. So I was curious to see what others' experiences have been.
-
dmoore44 Member Posts: 646
icezellion wrote: » Thanks for the feedback. The URLs linked above were certainly useful. My goal was to get an idea of what sort of questions come up for junior to senior level IDS roles -- the depth of information and subjects is pretty vast; for example, I almost never hear questions such as 'analyze' this traffic. So I was curious to see what others' experiences have been.
We typically perform a two-stage interview process. The first is the phone interview, which is used to pre-screen candidates. If they make it past that, they come in for a face to face where we'll give them some more visual examples (i.e. analyze this traffic, tell us what sort of attack has this signature, etc...)
Graduated Carnegie Mellon University MSIT: Information Security & Assurance
Currently Reading Books on TensorFlow