I interviewed with three people. First, I interviewed with two developers, one of whom seemed like he may have been a manager. The questions that I think doomed me were questions about HTTP status codes and CSRF/XSS attacks.
The HTTP status code thing went something like "Why don't you name off some HTTP status codes?" So I rattled off the ones I knew off the top of my head, but then he asked me for more. It's the kind of question you can look up in about 30 seconds if you need to, but in an interview setting it's difficult to recall the ones you don't see often.
The manager guy also asked me to describe CSRF and XSS and the details of how those exploits work. I knew what they were, but I hadn't actually examined or written one before. I did learn about them inside and out when I completed the latest Stripe CTF though. I thought that question was reasonable, and I just didn't know it.
There were also some questions about caching in high-traffic environments, which I didn't know much about but I knew enough about it to tell them that I would be able to pick it up quickly. I don't think they liked when I admitted not knowing something though. It also seemed kind of interesting that there was so much emphasis on it since I wasn't interviewing to work with the main developer team but with one of their splinter offices who builds proofs of concept and prototypes.
I did pretty well on the rest of it, including the 2nd part of the interview with one of their in-house tool developers. There was supposed to be a third part where I would have interviewed with a non-developer to assess culture fit, but they ended my interview before that part.
I think I probably bombed it because I've been consulting for a long time and have a different development approach than they were looking for.
The HTTP status code thing went something like "Why don't you name off some HTTP status codes?" So I rattled off the ones I knew off the top of my head, but then he asked me for more. It's the kind of question you can look up in about 30 seconds if you need to, but in an interview setting it's difficult to recall the ones you don't see often.
The manager guy also asked me to describe CSRF and XSS and the details of how those exploits work. I knew what they were, but I hadn't actually examined or written one before. I did learn about them inside and out when I completed the latest Stripe CTF though. I thought that question was reasonable, and I just didn't know it.
There were also some questions about caching in high-traffic environments, which I didn't know much about but I knew enough about it to tell them that I would be able to pick it up quickly. I don't think they liked when I admitted not knowing something though. It also seemed kind of interesting that there was so much emphasis on it since I wasn't interviewing to work with the main developer team but with one of their splinter offices who builds proofs of concept and prototypes.
I did pretty well on the rest of it, including the 2nd part of the interview with one of their in-house tool developers. There was supposed to be a third part where I would have interviewed with a non-developer to assess culture fit, but they ended my interview before that part.
I think I probably bombed it because I've been consulting for a long time and have a different development approach than they were looking for.