Security Engineer Assessment Template

A ready-to-run security hiring test covering AppSec, crypto, threat modeling, and cloud security — with real vulnerable code and CTF-style tasks.

Duration: 90 minutes
Questions: 10
Level: Senior
Passing Score: 70%

What this template measures

Every skill needed for a security engineer hire, covered across MCQ, coding, and essay questions.

OWASP Top 10

Injection, auth, XXE, SSRF, misconfiguration.

Cryptography

Symmetric/asymmetric, hashing, TLS, common mistakes.

Threat Modeling

STRIDE, attack trees, risk assessment.

Cloud Security

AWS/GCP IAM, network security, secrets management.

Code Review

Spotting vulnerable code across languages.

Incident Response

Detection, containment, forensics basics.

Sample questions from this template

A preview of the questions you'll see when you use this template.

Question 1 (Multiple Choice, Medium)

A web app stores passwords using MD5. Which is the MOST accurate critique?

  • A. MD5 is fast and appropriate for passwords
  • B. MD5 is broken cryptographically and vulnerable to collision
  • C. MD5 is acceptable with a salt
  • D. MD5 is fine; the issue is storage location

Hint: Password hashing needs specific properties.

Question 2 (Essay, Hard)

Review this Python code and identify all security issues:

```python
@app.route('/search')
def search():
    q = request.args.get('q')
    result = db.execute(f"SELECT * FROM items WHERE name LIKE '%{q}%'")
    return jsonify(result)
```

List every issue and write a secure version.

Question 3 (Coding, Hard; Python or Node.js)

Implement secure password hashing and verification:

  • Use Argon2id (or bcrypt if unavailable)
  • Configurable memory cost and parallelism
  • Constant-time comparison for verification
  • Rehash on verify if parameters have changed

Return { hash, verify, rehashNeeded } functions.
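The template ships no reference solution for Question 3; the following is an added example of the structure the task asks for, not code from the template. It assumes only the Python standard library, so hashlib.scrypt stands in for Argon2id (the task names Argon2id or bcrypt, both third-party modules in Python); the PHC-style string layout, the parameter names ln/r/p and the verify_and_upgrade helper are my own assumptions.

```python
import base64
import hashlib
import hmac
import os

# Current hashing policy. scrypt memory use is about 128 * r * 2**ln bytes (16 MiB here).
DEFAULT_PARAMS = {"ln": 14, "r": 8, "p": 1}
HASH_LEN = 32
SALT_LEN = 16

def _derive(password: str, salt: bytes, params: dict) -> bytes:
    # scrypt stands in for Argon2id so the example needs nothing outside the stdlib
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=1 << params["ln"],
                          r=params["r"], p=params["p"], dklen=HASH_LEN)

def hash_password(password: str, params: dict = None) -> str:
    """Return a PHC-style string: $scrypt$ln=..,r=..,p=..$<salt b64>$<hash b64>."""
    params = params or DEFAULT_PARAMS
    salt = os.urandom(SALT_LEN)                      # fresh random salt per hash
    digest = _derive(password, salt, params)
    cost = ",".join(f"{k}={params[k]}" for k in ("ln", "r", "p"))
    salt_b64 = base64.b64encode(salt).decode("ascii")
    hash_b64 = base64.b64encode(digest).decode("ascii")
    return f"$scrypt${cost}${salt_b64}${hash_b64}"

def _parse(stored: str):
    """Split a stored string into (params, salt, digest); the params travel with the hash."""
    _, algo, cost, salt_b64, hash_b64 = stored.split("$")
    if algo != "scrypt":
        raise ValueError("unsupported hash algorithm")
    params = {k: int(v) for k, v in (kv.split("=") for kv in cost.split(","))}
    return params, base64.b64decode(salt_b64), base64.b64decode(hash_b64)

def verify(password: str, stored: str) -> bool:
    params, salt, expected = _parse(stored)
    # compare_digest runs in constant time, so timing does not leak a matching prefix
    return hmac.compare_digest(_derive(password, salt, params), expected)

def rehash_needed(stored: str, params: dict = None) -> bool:
    """True when the stored hash was produced under parameters other than the current policy."""
    return _parse(stored)[0] != (params or DEFAULT_PARAMS)

def verify_and_upgrade(password: str, stored: str):
    """Login flow: on success, transparently re-hash if the policy has moved on."""
    ok = verify(password, stored)
    if ok and rehash_needed(stored):
        stored = hash_password(password)
    return ok, stored
```

Because the cost parameters are embedded in each stored string, raising DEFAULT_PARAMS later invalidates nothing: old hashes still verify and are upgraded on the next successful login.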

Question 4 (Essay, Hard)

Threat-model a SaaS app with multi-tenant Postgres, OAuth login, and webhooks. Identify top 5 risks using STRIDE and propose mitigations for each.

Scoring rubric

How candidates are evaluated on this template.

Dimension (Weight): Description

Vulnerability Identification (35%): Catches issues in code and design.
Fix Quality (25%): Proposed fixes are correct and complete.
Threat Modeling (20%): Identifies threats systematically.
Cryptographic Correctness (10%): Uses primitives correctly.
Communication (10%): Explains severity and reasoning clearly.

Frequently asked questions

Are CTF tasks hosted safely?

Yes. All tasks run inside isolated sandboxes. Candidates exploit intentionally vulnerable code with no risk to production systems.

Can I customize this template?

Yes. Every question, time limit, weighting, and rubric dimension is fully editable. Use the template as a starting point and tailor it to your role and seniority level.

Does this template include AI cheat detection?

Yes. All ClarityHire assessment templates ship with code coherence AI, keystroke biometrics, and paste detection enabled by default. You can adjust the integrity level per role.

Can candidates see sample questions before starting?

Yes. Each template supports unscored practice questions so candidates warm up before the real assessment begins. That way you measure skill, not test anxiety.

Launch Your Security Engineering Assessment Today

Customize this template and invite candidates in minutes.