Security Analyst Interview
MagnumOpus
Member Posts: 107
I will be interviewing for a Security Analyst position next week and I am way beyond nervous. I have 2 years of experience in the IT field, certs completed via WGU and a strong interest in the field. But I'm such a newb in the area of IT security, and a deep understanding of networking & security knowledge is lacking at the moment. I'm refreshing what I know, but I'm really sweating this interview right now.
This is definitely a first for me.
Comments
-
RogueEnigma
Member Posts: 15
I see you have the Sec+ and Linux+. That is good. They will probably ask you some intro Linux questions (what command tails a log, etc). I would know packet level analysis. If you haven't already, download Wireshark and watch packets come in and analyze what the screen is saying. Break each packet down and be able to describe the payload, etc.
Know the OSI model and what each layer does. Know what layer the ping command is at, etc (that is a trick question they like to throw in)
I would also download Kali Linux onto a virtual machine just to play around. Look into NMAP commands and know how to do a basic port scan. Look into Nessus as well.
On the other side of the coin, check out Metasploit and other hacking tools.
I would also research some security websites and be familiar with some known malware and what it does.
They are probably looking for someone who is really into Comsec and willing to learn, so let them know that this is not a 9-5 mentality.
Above all, relax and enjoy the conversation.
Just my 2 cents
-
yzT
Member Posts: 365
I have interviewed two times for that kind of position, and basically the only questions security related were: how to deal with a DDoS, how to check for SQLi and how to check for XSS.
The other questions were about Linux, networking, Windows protocols...
-
Danielm7
Member Posts: 2,310
Spend some time before thinking about your current job, and even school and how it all relates to security tasks. In your current job do you go over server logs? Firewalls? Anything security related? Have you played with any open source tools even on your own? If you aren't already following this stuff brush up on the current big vulnerabilities since they might bring them up and you don't want to be clueless on it.
When I got my current security job a big vulnerability was in the news, not just the nerd news but Yahoo, CNN, etc, if you read anything you would have likely heard of it. They asked one of the people who was competing for the same job about it, he never heard of it, or any of the current security topics you would have even heard of just reading Krebs on Security every few days. I had heard of it, gave them a breakdown about how it worked, etc, it shows passion and interest in a field you want to get into. Needless to say, I now work here, the other guy doesn't.
-
anhtran35
Member Posts: 466
This may or may not help: https://danielmiessler.com/study/infosec_interview_questions/
-
BlackBeret
Member Posts: 683
Know Wireshark at a level that you can view traffic and know what you're looking at. What direction is the traffic (3-way handshake), what's occurring in the traffic, and be able to recognize various attack types. If someone's posting "<..script..> some random java here <../script..>" know what's happening. <script>alert('Traffic analysis and verifying attacks and false positives, that's the job.')</script>
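The check described in the post above, as an added example that is not part of the original thread: it reads connection direction from the three-way handshake, then decides whether a script-tag alert is a real reflection or a false positive by looking at what the server sent back. The packet tuples, addresses and verdict labels are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote_plus

# Constructed capture summary: (source, destination, TCP flags, payload).
CLIENT, SERVER = "203.0.113.7:51514", "192.0.2.10:80"
PACKETS = [
    (CLIENT, SERVER, "S", ""),
    (SERVER, CLIENT, "SA", ""),
    (CLIENT, SERVER, "A", ""),
    (CLIENT, SERVER, "PA",
     "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1\r\n\r\n"),
    (SERVER, CLIENT, "PA",
     "HTTP/1.1 200 OK\r\n\r\n<p>Results: &lt;script&gt;alert(1)&lt;/script&gt;</p>"),
]
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)

def handshake_roles(packets):
    """Return (client, server) from a SYN, SYN/ACK, ACK sequence, else None."""
    for i in range(len(packets) - 2):
        (s1, d1, f1, _), (s2, d2, f2, _), (s3, d3, f3, _) = packets[i:i + 3]
        if (f1 == "S" and f2 == "SA" and (s2, d2) == (d1, s1)
                and f3 == "A" and (s3, d3) == (s1, d1)):
            return s1, d1  # whoever sent the bare SYN opened the connection
    return None

def triage(packets):
    """Classify a script-tag alert by what the server actually sent back."""
    roles = handshake_roles(packets)
    if roles is None:
        return "no-handshake"  # capture started mid-stream; direction unknown
    client, server = roles
    injected = []
    for src, _, _, payload in packets:
        if src == client:  # decode the request before matching the tag
            injected += SCRIPT_RE.findall(unquote_plus(payload))
    if not injected:
        return "benign"
    responses = "".join(p for src, _, _, p in packets if src == server)
    if any(tag in responses for tag in injected):
        return "reflected-unencoded"  # tag came back executable: escalate
    if any(html.escape(tag) in responses for tag in injected):
        return "reflected-encoded"  # attempt was real, output was neutralised
    return "attempt-not-reflected"

if __name__ == "__main__":
    print(handshake_roles(PACKETS), triage(PACKETS))
```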
-
MagnumOpus
Member Posts: 107
Man, thanks a ton guys. This is extremely helpful and will certainly help putting my mind at ease. I can't thank you all enough, I'll keep you posted on the results.
-
TechGuru80
Member Posts: 1,539
Wouldn't be surprised to hear something about man-in-the-middle attacks...what are they, possibly how they are accomplished, etc. Specific questions will be related to the job req and what relates. Some analyst positions don't deal with code but with log analysis for example.
-
MagnumOpus
Member Posts: 107
Holy Cow Guys!! I got the job! They offered me the job right on the spot with immediate benefits after passing a 40 question assessment. I thought I totally forgot about the S+ lessons I learned months ago, but that damn Darril Gibson taught me better than I thought. Guys thanks a ton, my advancement over the last 2 years has been phenomenal, I can't thank you enough!
Dead end Worker Comp Job ---> Geek Squad
---> Help Desk Technician
---> Security Analyst!!!!!!!!!!
-
Codyy
Member Posts: 223
Congrats, that's awesome. Any insight on the questions asked? I'll be looking for a similar position later this year. I have experience in the offensive side but not CND. Just passed CISSP but it isn't exactly technical. I definitely need to acquire some defensive / analyst skills.
-
RogueEnigma
Member Posts: 15
Congrats Magnum! Welcome to the wonderful world of OPSEC. Just FYI, you will probably get tons of information fed to you in the first few weeks-months. It will feel like drinking from a fire hose. Just take plenty of notes and research as much information through security sites, blogs, etc as you can.
Have they discussed job duties, tools used, etc yet?
Again, congrats and enjoy the ride : )
-
Cyberscum
Member Posts: 795
Great job and Congratz!
Funny story about my first security position...
The gov finally gave me adm rights to do network scans using RETINA. I started scanning and did not specify the IP range and lo and behold it started with IPs located in China (No freakin joke). The NOSC called and asked us to find the IP XXXXXXXX because it looks like an attack is taking place. Lo and behold it was mine hahahahahahaha. I almost started WW3....
....Good luck~!
C/S
-
MagnumOpus
Member Posts: 107
Codyy wrote: »Congrats, that's awesome. Any insight on the questions asked? I'll be looking for a similar position later this year. I have experience in the offensive side but not CND. Just passed CISSP but it isn't exactly technical. I definitely need to acquire some defensive / analyst skills.
Thanks and sure thing. The questions asked were Security+ based and taking the assessment was the easy part. The hardest part was reviewing your question with a higher up. Man, it was 2 levels below a boiler room. It's definitely a method of weeding out those lacking the basic fundamentals of S+. But to make a long story long, if you can pass S+ and retain the knowledge, the company I interviewed for was willing to bring me on.
-
MagnumOpus
Member Posts: 107
RogueEnigma wrote: »Congrats Magnum! Welcome to the wonderful world of OPSEC. Just FYI, you will probably get tons of information fed to you in the first few weeks-months. It will feel like drinking from a fire hose. Just take plenty of notes and research as much information through security sites, blogs, etc as you can.
Have they discussed job duties, tools used, etc yet?
Again, congrats and enjoy the ride : )
Thanks! I can't imagine what I'm in for, but if the ride is exhilarating I'm all in! By the way, I'm ordering a few journals for notes this week.
As far as my Job duties... Here's what I know:
Recognize and identify potential threats to the network and systems connected to the network from the Internet and Intranet.
Monitor critical infrastructure across the customer's environment to include firewalls, IDS/IPS devices, virtual networks, vulnerability scanners, VPNs, WANs, disaster recovery sites, etc.
Detect, research and respond to security incidents quickly and accurately.
Conduct research on IDS alerts/traffic and Vulnerability/Vendor threats/Log Monitoring.
If you have any advice on how I can get a head start, I'm all ears. Thanks again!
-
MagnumOpus
Member Posts: 107
Cyberscum wrote: »Great job and Congratz!
Funny story about my first security position...
The gov finally gave me adm rights to do network scans using RETINA. I started scanning and did not specify the IP range and lo and behold it started with IPs located in China (No freakin joke). The NOSC called and asked us to find the IP XXXXXXXX because it looks like an attack is taking place. Lo and behold it was mine hahahahahahaha. I almost started WW3....
....Good luck~!
C/S
Thanks and thanks for teaching me exactly what not to do. Lmao! I'm borderline OCD and with this seed planted, I'll be double/triple checking my commands/work. I really don't know if I should love you or hate you right now. Hahahaha