Hi everyone, I\'m creating this post just so anyone applying/interviweing for this position can receive some help or guidance for their prep. I had my screening interview for the position of **Product Security Engineer at Meta**. The interview was for an hour and the recruiter had previosuly told me that **~30 minutes would be alotted for a live coding exercise** and the rest of the **~30 minutes for questions focused on security**. He also told me the the coding exercise would deal with a starightforward problem of strings or arrays. I have been LC-ing for a while and so strings and arrays was not an issue for me but still practiced some medium level questions and other string/array manipluation problems.\nMy interviewer was really nice. We introduced oursleves and went right into the coding exercise which was on Coderpad. He asked me to write a program to check if a string was a palindrome. Idk if this is a Coderpad thing or this particular interview but i did not have to deal with any test cases. So I wrote the program and made sure I was talking through it. Then ran some manual test cases line by line for the program I wrote. I then asked the interviewer if he wanted me to account for special characters and lowercase/uppercase letters at this point and he said yes, and I did the same line by line thing. I was fairly confident in my ability to write this lol. I am still pretty new to Leetcode and have mostly only solved easy level quesions but palindrome was not a hard one. The hard part for me was to make sure I was talking and explaining myself well through it and being confident and concise.\n\nAfter the interviewer was satisfied with some test cases we ran through, we moved on to security questions. He gave me this scenario verbally: "I am a software developer and my feature right now is to add a login page to my website. And you\'re the security engineer who has to advise me on all the security related issues for this feature"\nI then went to explain things like:\n*  Injection Attacks (we then spoke about SQL injection attacks, how to mitigate those, encryption of the database, hashing of passwords, salting in hashing, hashing/encryption algos)\n*  XSS attacks (and attacks in JS)\n*  Implementing rate limits or time limits to reduce possibility of brute force attacks\n*  Not disclosing critical info when throwing errors or exceptions in case of wrong credentials\n*  Input validation, sanitization\n*  Session management\n*  Cookie management and cookie flags (I fumbled big time here lol)\n*  HTTP, HTTPS, and HSTS (I actually had never heard of HSTS before so could not answer his questions for it)\n\nThrough a lot of the above secruity questions, I was also asked many follow up questions like how attackers can exploit it, how it can be prevented, what info can be disclosed, what can happen if this info is disclosed, what if info is not disclosed can attacker still somehow perform malicious acts etc.\n\nThe interviwer then gave about 10 minutes for me to ask any questions I had for him. I asked him about his work, his team, his experience as a bug bounty hunter both independent and at Meta. Training provided on the job. \n\nOverall my experice was fine. I am hoping I make it past this and go on to perform well in the onsite interviews. PRAY FOR ME GUYS!!! I hope this helps yall.\n\n**UPDATE**: Didn\'t make it through. I asked for feedback but don\'t believe I\'ll hear from them again :(\nGood luck to anyone else interviewing though! Job hunting sucks and I hope everyone has people supporting/cheering for them throughout it.\n\n

Hi everyone, I\'m creating this post just so anyone applying/interviweing for this position can receive some help or guidance for their prep. I had my screening