
6 Questions to Ask When Interviewing for an AppSec Role

You wrote the perfect resume and the interview is going well. Now the classic “Do you have any questions for us?” is coming. Asking questions is a great way to look prepared, show your interest, and learn more about the company...

But what should you ask?

In this blog post, we’ve compiled a few questions that will help you learn as much as possible about the team you’re looking to join and demonstrate that you know how to ask the right questions. Keep in mind, it’s best to pick one or two questions that are most important to you rather than asking all of them.

1. When trying to solve a problem, does the team usually build or buy?

Understanding whether the team leans towards building in-house solutions or purchasing commercial tools can give you insight into the type of work you’ll be doing. If the team builds its own tools, you might be involved in more creative and development-heavy tasks. If they prefer to buy, your role may focus more on deploying and managing these tools. Both approaches have their merits; the key is knowing which one aligns better with your preferences.

2. What training is provided to the team?

Training is a crucial part of staying current in the ever-evolving field of AppSec. Look for opportunities to attend conferences and access high-quality training platforms like PentesterLab PRO. Continuous learning will not only help you grow professionally but also keep the team at the forefront of security practices.

3. How does the team interact with the development and DevOps teams?

The nature of the relationship between AppSec, development, and DevOps teams can significantly impact your work environment. Ideally, these teams should work closely together, fostering collaboration rather than operating in silos. Avoiding adversarial interactions is crucial. You might also ask: “Is there a group or process around the adoption of new technologies, and is the AppSec team part of it?” This can reveal how integrated the AppSec team is within the broader technology strategy of the company.

4. What does a typical day look like?

This question will help you gain an understanding of your daily responsibilities. Will your days be filled with meetings, design reviews, code reviews, or penetration testing? Knowing this can help you assess if the day-to-day work aligns with your interests, aspirations, and strengths.

5. What are the next three things you need to solve in your AppSec program?

This question helps you gauge the maturity of the AppSec team. Are they proactive with a clear strategy, or are they constantly putting out fires? A team with a strategic approach to upcoming challenges is likely to offer a more structured and fulfilling work environment.

6. Tell me about a recent win for the AppSec team.

Hearing about recent successes can provide insight into the team’s achievements and their approach to celebrating and building on these successes. It’s also a great way to understand the team’s maturity level and whether they have a strategy that is effectively implemented.


Asking these questions can help you gather critical information about the potential role and work environment, ensuring that it aligns with your professional goals and work style. Remember, an interview is a two-way street; it’s as much about you finding the right fit as it is about the employer evaluating you.

Written by Louis Nyffenegger
Founder and CEO @PentesterLab