Advanced Interview #security #zero-trust #api-security

Security Engineer Interview Questions

5 exercises — choose the best-structured answer to common Security Engineer interview questions focusing on AuthN/AuthZ, API protection, secrets management, and zero trust implementation.

Structure for Security Engineer answers
  • Tip 1: Always separate authentication (verifying identity: who the caller is) from authorisation (granting permission: what the caller may do)
  • Tip 2: Use "defence-in-depth" as a framing principle — name all layers
  • Tip 3: Give concrete attack examples (SSRF → AWS IMDS, XSS → cookie theft)
  • Tip 4: Name specific tools (Vault, OPA, Istio, IMDSv2) to demonstrate real-world experience
The interviewer asks: "What is the difference between authentication and authorisation?"
Which answer is most precise for a security engineering interview?