Thank you for applying to work for PEN Consultants as a Cybersecurity Technical Writer!
Overview – Full Interview Process
Each candidate applying to work for us as a technical writer must complete a 6-phase interview process before being extended a Conditional Job Offer (CJO). The general job details for cybersecurity technical writer can be found here: Technical Writer Interview – Phase 0
- This first phase is to help us ensure you understand our company, the positions we’ve taken on certain cybersecurity debates, how we interact with our clients, our strong faith culture, etc.
- In Phase 2, you get to tell us what you know about the information and cybersecurity industry.
- Phase 3 is all about your writing experiences.
- Phase 4 is a phone interview where we drill into more details about the position and your background.
- In the 5th phase, you will create a mock Findings and Recommendations Report.
- In the 6th and final stage, you will have an opportunity to meet the PEN Consultants team on a Zoom video call. You will be able to ask any questions you may have as well as be asked questions not covered in the interview process.
After receiving a CJO, the candidate must pass a full-scope background check (criminal, civil, drug screening, identity verification, credit history, employment and education verification, etc.).
Ready to get started?
Phase 1 – Getting to Know PEN Consultants
This phase is to help us ensure you understand our company, the positions we’ve taken on certain cybersecurity debates, how we interact with our clients, our strong faith culture, etc.
- Don’t overthink this! We’re just looking to make sure you understand how the security testing business works, the stances we’ve taken on certain topics, our company background, etc. Each question should not take you more than just a couple of minutes (max).
- When you are finished, please respond to our original email with a PDF of your responses.
- Honesty and transparency are always best. If you get into this and realize it’s not the type of work you were hoping for, it isn’t in line with your career goals, our opinions rub you the wrong way, etc., feel free to respond with a “Thanks for the opportunity, however, I don’t believe I’m interested at this time” email.
- Why do you want to work in the security and penetration testing industry?
- Summarize PEN Consultants’ company background, purpose, vision, and mission, the meaning behind our logo and slogan – Rock Solid Security, etc.
- Review: https://penconsultants.com/testingDiff
- Question: If a client is seeking to test their ability to detect and respond to an active threat, which service would you recommend and why?
- Question: If a client says they are in need of the most affordable solution for testing, which service would you recommend and why?
- Review: https://penconsultants.com/shields
- Question: Why should testing almost never be performed through firewalls/WAFs/etc. when auto mitigate/IPS type features are enabled? Should the tester’s IP be whitelisted, and if so, when? Explain.
- Question: Which compliance standard specifically states that security testing should not be performed through something such as a WAF in auto-block mode?
- Question: What benefit(s) is lost if testing from a whitelisted IP, followed by testing from a non-whitelisted IP? What benefit(s) is gained?
- What is a false positive, false negative, true positive, and true negative? How does that relate to this topic?
- Review: https://penconsultants.com/graybox
- Question: What are some of the benefits of white box testing?
- Question: Are there benefits to black box testing that cannot be achieved through white box?
- Review: https://penconsultants.com/services
- Question: What is a ballpark price for an internal penetration test for a network with 1,600 workstations? The client is not interested in debriefings, or any technical support afterward, just a report of our findings.
- Question: What is the monthly cost to have PEN Consultants on retainer (i.e. Cybersecurity Unlimited) for 10 hrs per month?
- Review: https://penconsultants.com/informed
- Question: If a client asks how they are kept informed during an engagement, what would you tell them?
- Review: https://penconsultants.com/testimonials
- Question: A prospective technology software company is asking for references to our past clients. What are some references you could provide?
- Review: https://penconsultants.com/home/services/nonprofits/
- Question: Why would faith-based organizations receive a 30% discount (or more), but no one else?
- Review: https://penconsultants.com/csr
- Question: What percentage of our revenue do we give to charity?
- Question: Who do we currently support?
- Review: https://penconsultants.com/report
- Download a copy of the report and review it. This is the deliverable you will have to create.
- Question: Which discovered vulnerability allowed us to gain access to 100% of the user passwords?
- Question: What attack is possible if the x-frame-options header, or equivalent, is missing in web server responses?
- Question: When looking at, or considering, other companies you could work for, what about PEN Consultants makes you want to work here?
- Question: What are some concerns you have at this stage of the interview process (about us, about the work, the environment, etc.)?
- Question: What questions do you have for us?
That’s it for the questions! You are encouraged to review the other pages and blog posts to continue familiarizing yourself with our company.