Looking for a Remote Cybersecurity Job in 2021
It’s been long enough that I’d like to document my job search and interview process at a high level, hopefully for the benefit of others. If you’d like to understand the position I was in before the job search, you can look at my previous experiences on my CV page.
My criteria were: it had to be a security-focused role, it had to involve hands on technical work, it had to be remote-first friendly. Overall, I applied to 9 places, got 8 HR or recruiter screens, 6 hiring manager interviews, 5 final round interviews, 2 offers, 2 rejections, and 1 out of time. I’m not going to go through all of them, but there’s a few processes I’d like to call out.
Trail of Bits
This was by far the most humane and straightforward process. I was ultimately rejected, but I can’t even be upset about it. The process was:
- Recruiter screen
- Interview with hiring manager
- Time boxed take-home assessment
- Interview with team
- Acceptance or rejection
That’s it. Three calls, 30-60 minutes each, and one time boxed assignment that only took me a few hours to complete. Everyone was friendly, honest, and fair. The assignment tested the skills of the roles and didn’t take an absurd amount of time to complete, and couldn’t be cheated by expending undue effort. This is a model for other companies to follow.
I want to call out how absurd this process is. I spoke with their recruiter who told me I would not be eligible for a remote position because they typically only extend those to senior engineers, who require 8 years of work experience and I only have 6. Strike one. They also recommended me several books, study material, practice courses, and said they general advise people study for 6 months to 1 year to prepare for the Facebook interview process. Strike two. Your corporation is evil and I don’t want to work there that bad. Then once the process starts it can take a few months to complete, as there are several long an intense interview loops where they make use of outdated concepts such as whiteboarding. Strike three. I decided not to go any further, I was already far long with several other companies.
The irony, of course, is that one of my work focuses now is BPF, which is the product of many of the Linux Kernel engineers either employed by or sponsored by Facebook. I’m sure I’d love to be on one of their teams, but not if this is still the process.
The recruiter that spoke to me was robotic. She blasted through every question like a machine, and wrote my answers like a court stenographer. Rapidfire and inhuman. The hiring manager grilled me pretty aggressively on web security trivia. The light in this person’s eyes had clearly gone out long ago. I can still hear them saying “We are a data driven company, Rafael.” When I asked about their performance review process. Everything you do is logged, catalogued, processed, and analyzed. Add to that the stack ranking controversy and I can see why the recruiter was robotic: gotta get those metrics up! The hiring managers crushed soul was the product of a soul crushing environment. I asked some friends who work at Amazon and enjoy it how they can possibly get by in this environment. They said they loved the routine, they loved the data on themselves, they loved being able to microoptimize their behaviors to hit metrics and quantitatively assess themselves. I guess. Definitely not for me, and I think they could tell. I can’t imagine this environment produces much innovation, and I’m a researcher at heart.
I’m glad they rejected me, I consider this one a bullet dodged.
I don’t have many comments on the process itself, it was pretty much the same as Red Canary and Blend. However, I do want to point out the people that worked there. This seems to be a company that really cares about their employees and they make that evident in the interview process. The hiring manager was incredibly friendly, and when discussing the benefits of the role mentioned “there really aren’t enough worker protections in this country.” The fact that a hiring manager can even say that openly to a candidate speaks volumes. They rejected me in the final round because they had another candidate that solved their immediate needs, but I’d apply again in the future.
Pretty typical interview process. Started with a screen from a very friendly recruiter, then a non-technical interview with the hiring manager. There was a dead simple live coding exercise that was basically “before we move further I need to know that you can actually write python.” It was low stress and fair. Then we moved on to technical interviews with the hiring manager and the team. Everyone I met there was an excellent human being, and I felt like it was the most diverse team I had met in my interviewing process so kudos to them.
The red flags, unfortunately, came after I got an offer from them. They all started adding me on LinkedIn and talking to me like I was already working there, which felt just a tad pushy. The fact that everyone on the team did it weirded me out a little. I got another offer from another company that had more cash and less equity, but also aligned more with my interests (research). The recruiter kept emphasizing the equity, and showing me these spreadsheets with huge numbers, talking about how the equity would be worth millions under their five year plan. Blend announced their IPO last month. The equity would have been worthless, and their executives knew that. They were enticing engineers with huge equity packages on a one year cliff they knew they’d never have to deliver on. Incredibly shady, and I’m glad I didn’t take this offer. I had friends who had worked at other startups advise me that any startup equity is basically worthless, and to treat it as a lottery ticket.
I’d love to work with these humans, but not for this company.
This had the same kind of process ad Blend and Twilio, but with a take home assignment instead of a live assignment. This was the most time consuming take home assignment but it was also the one that excited me the most. I’ve told friends, “my dream job is getting paid to mess around in the Linux kernel,” and that’s basically what they were offering me.
I know people say not to normalize long take-home interview assignments, since it can be abusive. However, I was too intrigued by the premise of these assignments to turn it down. I honestly couldn’t stop thinking about them, and felt like I really wanted to do them anyway. I told them during the interview that if this is reflective of the day to day work, they’d have to remind me to take time off (which, as it turns out, my manager has had to do). I ultimately accepted an offer here.
So I’d say if you do get a lengthy take home assignment, at least see what it’s about before rejecting it out of turn. You might like it!