Cybersecurity Interview Questions Collections

July 4, 2026 · View on GitHub

Security interview questions for different security skills with possible explanations.

Cybersecurity Interview Questions

This GitHub repo is for security professionals who want to prepare for various security roles with different skill sets, such as AppSec, DevSecOps, cloud security, etc.

Feel free to contribute to different security interview pages based on your interview experience. I am adding interview questions based on my experience and different network conversations on the same topic(s).

Which file should I use? (AppSec / API / Web / Security Architect)

Four files in this repo — Application Security, API Security, Web Security, and the Security Architect scenarios — cover closely related ground by design, so they're split by role and altitude rather than by topic alone, and they cross-link to each other instead of duplicating content. Use this table to pick the right starting point for the role you're preparing for or hiring against:

FileTarget roleAltitude / focusFormat
Application SecurityAppSec Engineer (junior → senior/staff), developer-facing securitySDLC-centric: secure code review, secure coding, threat modeling, SDL process, cryptography basics — "how do you get engineering to build secure software"Question lists with guidance on what to listen for, plus a secure-code-review round with vulnerable code snippets
API SecurityAPI Security Engineer, AppSec-with-API-focusOWASP API Security Top 10, JWT/OAuth2/mTLS, GraphQL & gRPC authorization, API gateway architecture — the "machine-to-machine interface" specializationConceptual Q&A + 8 scenario-based questions with vulnerable/fixed code and diagrams
Web Security / PentestWeb App Penetration Tester, Web Security EngineerOffensive/exploit mechanics: browser security model (SOP/CORS/CSP), OWASP Top 10 exploit internals, session/auth attacks, pentest methodology & toolingConceptual Q&A + 6 scenario-based questions with PoC-style walkthroughs and fixes
Security Architect ScenariosSecurity Architect / Staff-Principal AppSec, Product Security ArchitectProgram & architecture altitude: threat-modeling programs, security champions, secure-by-design, architecture review boards, secrets/crypto/key management, zero trust, multi-tenancy, insider threat, M&A diligence, SSO/federation24 scenario-based questions, discussion-style answers with diagrams

Rule of thumb: if the question is about how a specific exploit or vulnerability class works, it lives in Web Security (browser-facing) or API Security (API-surface-specific). If it's about how to build, review, or ship secure code day to day, it's in Application Security. If it's about designing or running a security program/architecture at scale, it's in the Security Architect file. For AI/LLM/agentic systems specifically, see the dedicated AI Security Interview Questions file instead — it follows the same scenario-based format for that domain.

ToC

  1. Common Security Interview Questions
  2. Web Security/ Penetration testing Interview Quesitons
  3. Application Security Interview Questions
  4. API Security Interview Questions
  5. Network Security Interview Questions
  6. AWS Security Interview Questions
  7. GCP Security Interview Questions
  8. DevSecOps Interview Questions
  9. Container Interview Questions
  10. SOC Interview Questions
  11. GRC Interview Questions
  12. AI Security Interview Questions
  13. Security Architect Scenario-Based Interview Questions