Advanced Interview #siem #security-analytics #threat-intelligence

Security Data Engineer Interview Questions

Practise answering 5 interview questions for a Security Data Engineer role. Covers SIEM log sources, detection rule language, threat intelligence pipelines, security data lakes, and communicating security analytics.

Key vocabulary
  • SIEM: Security Information and Event Management — platform for collecting, correlating, and alerting on log data
  • Log source: system that generates security-relevant events (firewall, EDR, identity provider, cloud trail)
  • Detection rule: logic that identifies suspicious patterns in log data and generates alerts
  • Threat intelligence (TI): external data about known attackers, IOCs, TTPs — used to enrich detections
  • IOC: Indicator of Compromise — an IP address, domain, or file hash associated with known malicious activity
  • TTPs: Tactics, Techniques, and Procedures — a framework for describing attacker behaviour (e.g. MITRE ATT&CK)
  • Security data lake: centralised storage of raw security telemetry for retrospective analysis and ML
Question 1 / 5
The interviewer asks: "Which SIEM log sources would you prioritise for detecting initial access attacks, and why?"
Which answer demonstrates the strongest threat-model thinking?