Interview - Blog | Minova - ATS Resume Builder

Introduction

Security Engineers protect organizations from cyber threats by implementing security controls, monitoring systems, and responding to incidents. As a junior security engineer, you'll need foundational knowledge of security principles, common vulnerabilities, and defensive technologies.

This guide covers essential interview questions for junior security engineers, focusing on core security concepts and practical skills.

Security Fundamentals

1. Explain the CIA Triad.

Answer: The CIA Triad is the foundation of information security:

Confidentiality:

Only authorized users can access data
Achieved through: encryption, access controls, authentication

Integrity:

Data remains accurate and unmodified
Achieved through: hashing, digital signatures, checksums

Availability:

Systems and data are accessible when needed
Achieved through: redundancy, backups, DDoS protection

Loading diagram...

Example Violations:

Confidentiality: Data breach exposing customer information
Integrity: Attacker modifying financial records
Availability: DDoS attack taking down website

Rarity: Very Common
Difficulty: Easy

OWASP Top 10

2. Name three items from the OWASP Top 10 and explain them.

Answer: OWASP Top 10 lists the most critical web application security risks:

1. Injection (SQL Injection): Attacker inserts malicious code into queries.

# Vulnerable code
username = request.GET['username']
query = f"SELECT * FROM users WHERE username = '{username}'"
# Attack: username = "admin' OR '1'='1"

# Secure code (parameterized query)
cursor.execute("SELECT * FROM users WHERE username = %s", (username,))

2. Broken Access Control: Users can access resources they shouldn't.

# Vulnerable: No authorization check
@app.route('/admin/users/<user_id>')
def get_user(user_id):
    return User.query.get(user_id)

# Secure: Check authorization
@app.route('/admin/users/<user_id>')
@require_admin
def get_user(user_id):
    if not current_user.is_admin:
        abort(403)
    return User.query.get(user_id)

3. Cross-Site Scripting (XSS): Attacker injects malicious scripts into web pages.

<!-- Vulnerable -->
<div>Welcome, {{ username }}</div>

<!-- Attack -->
username = "<script>alert('XSS')</script>"

<!-- Secure (escape output) -->
<div>Welcome, {{ username | escape }}</div>

Rarity: Very Common
Difficulty: Medium

3. How do you perform vulnerability management?

Answer: Vulnerability management is a continuous process of identifying, evaluating, and remediating security weaknesses.

Process:

Loading diagram...

Vulnerability Scanning:

# Nmap vulnerability scan
nmap --script vuln 192.168.1.100

# OpenVAS scan
openvas-start
# Access web interface at https://localhost:9392

# Nessus scan (commercial)
# Configure via web interface

Nessus Example:

# Automate Nessus scanning
import requests
import time

class NessusScanner:
    def __init__(self, url, access_key, secret_key):
        self.url = url
        self.headers = {
            'X-ApiKeys': f'accessKey={access_key}; secretKey={secret_key}'
        }
    
    def create_scan(self, name, targets):
        data = {
            'uuid': 'template-uuid',  # Basic Network Scan
            'settings': {
                'name': name,
                'text_targets': targets
            }
        }
        response = requests.post(
            f'{self.url}/scans',
            headers=self.headers,
            json=data,
            verify=False
        )
        return response.json()['scan']['id']
    
    def launch_scan(self, scan_id):
        requests.post(
            f'{self.url}/scans/{scan_id}/launch',
            headers=self.headers,
            verify=False
        )
    
    def get_results(self, scan_id):
        response = requests.get(
            f'{self.url}/scans/{scan_id}',
            headers=self.headers,
            verify=False
        )
        return response.json()

# Usage
scanner = NessusScanner('https://nessus:8834', 'access_key', 'secret_key')
scan_id = scanner.create_scan('Weekly Scan', '192.168.1.0/24')
scanner.launch_scan(scan_id)

Patch Management:

# Linux patch management
# Ubuntu/Debian
sudo apt update
sudo apt list --upgradable
sudo apt upgrade -y

# CentOS/RHEL
sudo yum check-update
sudo yum update -y

# Automated patching
sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

Prioritization Matrix:

CVSS Score	Exploitability	Asset Criticality	Priority
Critical (9-10)	Public exploit	Production	P1 (Immediate)
High (7-8.9)	PoC available	Production	P2 (1 week)
Medium (4-6.9)	No exploit	Internal	P3 (1 month)
Low (0-3.9)	No exploit	Dev/Test	P4 (Next cycle)

Remediation Tracking:

# Vulnerability tracking
class VulnerabilityTracker:
    def __init__(self):
        self.vulnerabilities = []
    
    def add_vulnerability(self, vuln):
        self.vulnerabilities.append({
            'id': vuln['id'],
            'severity': vuln['severity'],
            'asset': vuln['asset'],
            'status': 'open',
            'discovered': datetime.now(),
            'sla_deadline': self.calculate_sla(vuln['severity'])
        })
    
    def calculate_sla(self, severity):
        sla_days = {
            'critical': 7,
            'high': 30,
            'medium': 90,
            'low': 180
        }
        return datetime.now() + timedelta(days=sla_days[severity])
    
    def get_overdue(self):
        return [v for v in self.vulnerabilities 
                if v['status'] == 'open' and 
                datetime.now() > v['sla_deadline']]

Rarity: Common
Difficulty: Easy-Medium

Encryption Basics

4. What's the difference between symmetric and asymmetric encryption?

Answer:

Symmetric Encryption:

Same key for encryption and decryption
Fast
Examples: AES, DES, 3DES

Asymmetric Encryption:

Public key encrypts, private key decrypts
Slower
Examples: RSA, ECC

# Symmetric encryption (AES)
from cryptography.fernet import Fernet

# Generate key
key = Fernet.generate_key()
cipher = Fernet(key)

# Encrypt
encrypted = cipher.encrypt(b"Secret message")

# Decrypt
decrypted = cipher.decrypt(encrypted)

# Asymmetric encryption (RSA)
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization

# Generate key pair
private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048
)
public_key = private_key.public_key()

# Encrypt with public key, decrypt with private key

Use Cases:

Symmetric: Encrypting large data (files, databases)
Asymmetric: Key exchange, digital signatures, SSL/TLS

Rarity: Very Common
Difficulty: Easy-Medium

5. How does SSL/TLS work and how do you manage certificates?

Answer: SSL/TLS encrypts data in transit between client and server.

TLS Handshake:

Loading diagram...

How It Works:

Client Hello: Client sends supported cipher suites
Server Hello: Server chooses cipher, sends certificate
Certificate Verification: Client validates certificate chain
Key Exchange: Establish shared secret
Encrypted Communication: Use symmetric encryption

Certificate Components:

# View certificate details
openssl x509 -in certificate.crt -text -noout

# Certificate contains:
# - Subject (domain name)
# - Issuer (CA)
# - Validity period
# - Public key
# - Signature

Certificate Management:

Generate CSR (Certificate Signing Request):

# Generate private key
openssl genrsa -out private.key 2048

# Generate CSR
openssl req -new -key private.key -out request.csr

# View CSR
openssl req -text -noout -verify -in request.csr

Self-Signed Certificate (Testing):

# Generate self-signed certificate
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes

# Combine for server use
cat cert.pem key.pem > server.pem

Install Certificate:

# Nginx
server {
    listen 443 ssl;
    server_name example.com;
    
    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;
    
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
}

# Apache
<VirtualHost *:443>
    ServerName example.com
    
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/cert.pem
    SSLCertificateKeyFile /etc/apache2/ssl/key.pem
    SSLCertificateChainFile /etc/apache2/ssl/chain.pem
    
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5
</VirtualHost>

Common Misconfigurations:

1. Weak Protocols:

# Bad: Allows SSLv3, TLSv1.0
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

# Good: Only modern TLS
ssl_protocols TLSv1.2 TLSv1.3;

2. Weak Ciphers:

# Test SSL configuration
sslscan example.com
nmap --script ssl-enum-ciphers -p 443 example.com

# Or use online tools
# https://www.ssllabs.com/ssltest/

3. Expired Certificates:

# Check certificate expiration
openssl s_client -connect example.com:443 -servername example.com < /dev/null 2>/dev/null | \
    openssl x509 -noout -dates

# Monitor expiration
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | \
    openssl x509 -noout -enddate

Certificate Automation (Let's Encrypt):

# Install certbot
sudo apt install certbot python3-certbot-nginx

# Obtain certificate
sudo certbot --nginx -d example.com -d www.example.com

# Auto-renewal (cron)
0 0 * * * certbot renew --quiet

Troubleshooting:

# Test TLS connection
openssl s_client -connect example.com:443 -servername example.com

# Verify certificate chain
openssl verify -CAfile ca-bundle.crt certificate.crt

# Check certificate matches private key
openssl x509 -noout -modulus -in cert.pem | openssl md5
openssl rsa -noout -modulus -in key.pem | openssl md5
# Hashes should match

Rarity: Common
Difficulty: Medium

Firewalls

6. Explain stateful vs stateless firewalls.

Answer:

Stateless Firewall:

Examines each packet independently
No connection tracking
Faster but less secure
Example: Basic packet filter

Stateful Firewall:

Tracks connection state
Remembers previous packets
More secure
Example: Modern firewalls

# iptables (stateful)
# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow new SSH connections
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

# Drop everything else
iptables -A INPUT -j DROP

Connection States:

NEW: First packet of connection
ESTABLISHED: Part of existing connection
RELATED: Related to existing connection
INVALID: Doesn't match any state

Rarity: Common
Difficulty: Medium

SIEM

7. What is a SIEM and why is it important?

Answer: SIEM (Security Information and Event Management) centralizes log collection and analysis.

Core Functions:

Log Collection: Gather logs from multiple sources
Normalization: Standardize log formats
Correlation: Identify patterns and relationships
Alerting: Notify on suspicious activity
Reporting: Compliance and forensics

Loading diagram...

Use Cases:

Detect brute force attacks
Identify data exfiltration
Monitor privileged access
Compliance reporting (PCI-DSS, HIPAA)

Popular SIEM Tools:

Splunk
ELK Stack (Elasticsearch, Logstash, Kibana)
IBM QRadar
ArcSight

Rarity: Common
Difficulty: Medium

8. What is the difference between IDS and IPS?

Answer: IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) monitor network traffic for threats.

Key Differences:

Feature	IDS	IPS
Action	Detects and alerts	Detects and blocks
Placement	Out-of-band (passive)	Inline (active)
Impact	No traffic disruption	Can block legitimate traffic
Response	Manual	Automatic
False Positives	Less critical	More critical

IDS Deployment:

Loading diagram...

IPS Deployment:

Loading diagram...

Snort Configuration (IDS/IPS):

# Install Snort
sudo apt install snort

# Configure network
sudo vi /etc/snort/snort.conf
# Set HOME_NET
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET

# Run in IDS mode
sudo snort -A console -q -c /etc/snort/snort.conf -i eth0

# Run in IPS mode (inline)
sudo snort -Q -c /etc/snort/snort.conf -i eth0

Snort Rules:

# Rule syntax
# action protocol src_ip src_port -> dst_ip dst_port (options)

# Detect SQL injection
alert tcp any any -> $HOME_NET 80 (msg:"SQL Injection Attempt"; \
    content:"UNION SELECT"; nocase; sid:1000001; rev:1;)

# Detect port scan
alert tcp any any -> $HOME_NET any (msg:"Port Scan Detected"; \
    flags:S; threshold:type both, track by_src, count 20, seconds 60; \
    sid:1000002; rev:1;)

# Detect brute force SSH
alert tcp any any -> $HOME_NET 22 (msg:"SSH Brute Force"; \
    flags:S; threshold:type both, track by_src, count 5, seconds 60; \
    sid:1000003; rev:1;)

# Block malicious IP (IPS mode)
drop tcp 203.0.113.50 any -> $HOME_NET any (msg:"Blocked Malicious IP"; \
    sid:1000004; rev:1;)

Suricata (Modern Alternative):

# Install Suricata
sudo apt install suricata

# Update rules
sudo suricata-update

# Run Suricata
sudo suricata -c /etc/suricata/suricata.yaml -i eth0

# View alerts
sudo tail -f /var/log/suricata/fast.log

Alert Analysis:

# Parse Snort alerts
import re
from collections import Counter

def analyze_snort_alerts(log_file):
    alerts = []
    
    with open(log_file, 'r') as f:
        for line in f:
            # Parse alert
            match = re.search(r'\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]', line)
            if match:
                alerts.append({
                    'sid': match.group(1),
                    'message': match.group(4),
                    'line': line
                })
    
    # Top alerts
    alert_counts = Counter([a['message'] for a in alerts])
    print("Top 10 Alerts:")
    for alert, count in alert_counts.most_common(10):
        print(f"{count:5d} - {alert}")
    
    return alerts

# Usage
alerts = analyze_snort_alerts('/var/log/snort/alert')

Common Attack Signatures:

# SQL Injection
content:"' OR 1=1--";
content:"UNION SELECT";

# XSS
content:"<script>";
content:"javascript:";

# Command Injection
content:";cat /etc/passwd";
content:"|whoami";

# Directory Traversal
content:"../../../";

# Shellshock
content:"() { :; };";

Best Practices:

Regularly update signatures
Tune rules to reduce false positives
Monitor IPS for blocked legitimate traffic
Integrate with SIEM for correlation
Test in IDS mode before enabling IPS

Rarity: Common
Difficulty: Medium

Security Best Practices

9. How do you secure passwords?

Answer: Multi-layered password security:

1. Hashing (not encryption):

import hashlib
import os

def hash_password(password):
    # Generate salt
    salt = os.urandom(32)
    
    # Hash password with salt
    key = hashlib.pbkdf2_hmac(
        'sha256',
        password.encode('utf-8'),
        salt,
        100000  # iterations
    )
    
    # Store salt + hash
    return salt + key

def verify_password(stored_password, provided_password):
    salt = stored_password[:32]
    stored_key = stored_password[32:]
    
    key = hashlib.pbkdf2_hmac(
        'sha256',
        provided_password.encode('utf-8'),
        salt,
        100000
    )
    
    return key == stored_key

2. Password Policy:

Minimum length (12+ characters)
Complexity requirements
Password history
Expiration (controversial)

3. Additional Security:

Multi-factor authentication (MFA)
Account lockout after failed attempts
Password strength meter
Breach detection (Have I Been Pwned API)

Never:

Store passwords in plaintext
Use weak hashing (MD5, SHA1)
Hash without salt

Rarity: Very Common
Difficulty: Medium

Incident Response

10. What are the phases of incident response?

Answer: NIST Incident Response Lifecycle:

1. Preparation:

Develop IR plan
Train team
Set up tools and monitoring

2. Detection & Analysis:

Identify incidents
Analyze scope and impact
Prioritize response

3. Containment:

Short-term: Isolate affected systems
Long-term: Apply patches, rebuild systems

4. Eradication:

Remove malware
Close vulnerabilities
Strengthen defenses

5. Recovery:

Restore systems
Monitor for reinfection
Return to normal operations

6. Post-Incident:

Document lessons learned
Update procedures
Improve defenses

Loading diagram...

Rarity: Common
Difficulty: Medium

Conclusion

Preparing for a junior security engineer interview requires understanding security fundamentals and practical skills. Focus on:

Fundamentals: CIA triad, security principles
OWASP: Common web vulnerabilities
Vulnerability Management: Scanning, patching, prioritization
Cryptography: Encryption, hashing, certificates
SSL/TLS: Certificate management, common misconfigurations
Defensive Tools: Firewalls, SIEM, IDS/IPS
Best Practices: Secure coding, password security
Incident Response: Detection, containment, recovery

Stay updated with security news, practice in labs, and pursue certifications (Security+, CEH). Good luck!

Table of Contents

Junior Security Engineer Interview Questions: Complete Guide

Introduction

Security Fundamentals

1. Explain the CIA Triad.

OWASP Top 10

2. Name three items from the OWASP Top 10 and explain them.

3. How do you perform vulnerability management?

Encryption Basics

4. What's the difference between symmetric and asymmetric encryption?

5. How does SSL/TLS work and how do you manage certificates?

Firewalls

6. Explain stateful vs stateless firewalls.

SIEM

7. What is a SIEM and why is it important?

8. What is the difference between IDS and IPS?

Security Best Practices

9. How do you secure passwords?

Incident Response

10. What are the phases of incident response?

Conclusion

Stop Applying. Start Getting Hired.

Share this post

Weekly career tips that actually work

Weekly career tips that actually work

Related Posts

Senior Security Engineer Interview Questions: Complete Guide

Penetration Tester Interview Questions: Complete Guide

Junior DevOps Engineer Interview Questions: Complete Guide

Stop Applying. Start Getting Hired.

Share this post

Get Hired 50% Faster