Security Interview Questions — What Senior Engineers Need to Know

Security questions in senior interviews test whether you treat security as an afterthought or a first-class engineering concern. Interviewers expect you to explain authentication vs authorization clearly, reason about threat models, and identify common vulnerability patterns in system designs.

These 7 questions cover the security concepts that come up most in engineering interviews: OWASP Top 10 vulnerabilities, encryption at rest vs in transit, token-based authentication, and the principles behind secure system design. Every senior engineer should be able to discuss these confidently.

All 7 Questions

  • Authentication vs Authorization: What is the difference between authentication and authorization?
  • JWT — 3 Parts, Signing, Revocation: What are the three parts of a JWT? How are they signed and revoked?
  • SQL Injection: What is SQL injection and how do you prevent it?
  • CSRF: What is CSRF and how do you prevent it?
  • XSS: What is XSS and how do you prevent it?
  • OAuth 2.0 — Authorization Code Flow: Explain the OAuth 2.0 Authorization Code Flow.
  • Symmetric vs Asymmetric Encryption: What is the difference between symmetric and asymmetric encryption?

How to Prepare

Focus on understanding concepts deeply enough to explain them in your own words. For each topic, practice articulating the trade-offs and real-world applications — interviewers care about practical judgment, not textbook definitions.

Related Topics

  • Networking Interview Questions
  • Infrastructure Interview Questions
  • System Design Interview Questions
