The interview was normal and asked expected questions that you would except in an interview for security consultant. No surprises or tricky questions that you couldn't anticipate for the level of the interview
The process took 2 weeks. I interviewed at NCC Group
Interview
It's an unpaid waste of time. They give you a week to fully audit a vulnerable web app, and if your report isn't exactly how they want it (they give confusing rules) they ask you to redo it. I wasted 15 hours between talking to these people and diagnosing their web challenge.
So here's what the web challenge is; Mantis Bug Tracker version .19. The admin credentials are administrator:admin, there are a few SQLI, a lot of XSS and some RCE. Also according to the hiring manager most successful applicants don't realize the vulnerable web app is mantis bug tracker (they make zero modifications) which is concerning since the version is plastered over every public copyright on the scripts. Really really bad hiring process.
Don't apply here unless you like doing unpaid labor. If you do use the above hints to make it go faster.
Interview questions [1]
Question 1
Two pentest challenges, mantis bt and reversing a protocol (but I never got to do it)
I applied online. I interviewed at NCC Group (Chicago, IL) in Mar 2023
Interview
Practical Assessment and hiring manager discussion. You will get the decision within a week. The practical assessment contains all OWASP 10 vulnerabilities. Hiring manager round discussion depends on the manager
I applied in-person. The process took 3 weeks. I interviewed at NCC Group (Manchester, England) in Jul 2022
Interview
One external recruiter and then a 2-stage process.
The first stage is internal HR.
The second stage is with the Hiring Manager.
Review my CV and discuss my experiences: nothing strange and a linear process.
