I applied through a staffing agency. The process took 3 weeks. I interviewed at Amach (Dublin, Dublin) in Nov 2025
Interview
I found the interview process to be rigorous and genuinely reflective of the role. It struck an excellent balance between high-level strategy - discussing how to influence engineering culture and implement a secure SDLC - and hands-on technical execution. I particularly appreciated the practical code review segment; being asked to identify specific vulnerabilities like Mass Assignment and XXE in actual Java code snippets felt far more relevant than standard theoretical questions, and it gave me confidence that the team values practical, real-world security skills.
Interview questions [1]
Question 1
One specific thing they asked was to perform a code review on a Java REST API. I had to identify a Mass Assignment vulnerability where an endpoint was binding request data directly to a persistence entity.