What interview questions should you ask when hiring a DevSecOps engineer?

Director of IT in Software, 3 years ago

Maybe I can give my thoughts on this. This is roughly what I would ask,
1. What experience do you have with DevSecOps?
2. Explain the DevSecOps workflow process you follow.
3. How do you ensure security in a DevOps environment?
4. How do you make sure that your DevSecOps practices stay up-to-date with the latest security threats?
5. Describe the tools and technologies you use when implementing DevSecOps.
6. How do you identify security vulnerabilities in a DevOps environment?
7. What challenges have you encountered when developing DevSecOps solutions?
8. What strategies do you use to ensure compliance with security policies?
9. How do you keep track of code changes during the DevSecOps process?
10. How do you ensure that security is maintained throughout the deployment process?

CIO in Services (non-Government), 3 years ago

What path did you take to arrive at becoming a DevSecOps engineer and what makes you want to continue on this career path?

Director in Healthcare and Biotech, 3 years ago

We would pursue the software that the candidate is familiar with, specifically past accomplishments with examples of what was used, why, and how the project turned out. I would then discuss these with him/her to determine their full understanding of the process they may have used, what other options were available, what kind of things they'd do differently etc. 
This would continue in several directions to get a strong grasp of the candidate's understanding of process as well as the software they are most familiar with and what they may be able to accomplish for you.

Global CTO in Construction, 3 years ago

I would start to understand his background, why he is looking for a change and his most difficult project in this area.

After that I would ask some more specific questions:
– What DevSecOps tool have you worked with?
– How can you help us with security aspects (some examples)? How do you prioritize security vs. programming agility?
– Knowledge about automation tools and language codes.

CISO in Software, 3 years ago

Apart from all kinds of questions related to the tooling they used and why, building the security in etc., I would take these candidates through a "case study". They'll get a description of a real production problem we had in the form of a "support ticket" and we will let them ask questions and "look into production" until they identify the underlying problem. In this first stage, we are able to observe how they approach the troubleshooting, confirm that they know which tools should be used for what, etc. Then, we talk about prevention – essentially, I'd let them "run the retrospective" on the problem. This allows us to see how they think about resiliency, automation, testing, and also when to invest and when it does not make any sense.
