Application Security Engineer Interview!
What to expect in an interview for Application Security Manager?
Application security engineer interview help.
Hey guys!
I've managed to land an app sec engineer role with a global organisation. I come from a web app developer background (web app apprenticeship + junior role, 2 ½ total) and currently doing digital forensics as a technician.
What sort of things should I be recapping / learning about to prepare for this interview? There is a technical competency section of the interview, which is the main bit I'm scared of, as the organisation I was an apprentice with didn't do much security-first development; it was mainly just write code, push to GitHub, have another dev look over it and then publish! Nothing about CI/CD (still don't quite understand what this is), SAST / DAST etc.
Some guidance would be great!
TIA
Edit - added the essential + desired criteria below:
ESSENTIAL:
• Familiarity with at least one programming language (e.g., Python, JavaScript, etc.) with demonstrable experience of building and developing digital software projects using this language.
• Ability to explain technical concepts to both technical and non-technical stakeholders.
• Demonstrable experience learning collaboratively with others on technical concepts and using this to break down complex problems.
• Demonstrable experience of some technical security knowledge and common security vulnerability categories.
• Experience leading, building or actively engaging in a community through roles such as coordinating events, engaging with members and/or attracting new members.
DESIRED:
• Familiarity with threat modelling (STRIDE or similar), secure coding best practices, and DevSecOps principles.
• Experience contributing to open-source or internal engineering tools.
• Experience deploying, operating, and troubleshooting applications in AWS environments.
• Participation in security or developer communities and/or experience in mentoring or leading peer education sessions.
• Familiarity with CI/CD pipelines, infrastructure as code (e.g., Terraform), and container security.
I am a senior appsec engineer and have worked around SAST, DAST, threat modeling etc. Because I also have extensive penetration testing experience, I am very well aware of the OWASP Top 10, cloud and network security.
I somehow got selected for the final application security manager interview with the technical director and I am scared. My current role is senior appsec engineer but I have never managed a team in appsec. What should I expect in the interview? I assume it will be more non-technical. Or am I not ready for this role?
Hi, I have an application security engineer interview coming up next week in the UK. It's after the initial screening for interview. It would contain questions about my background as well as scenario-based questions. It's my first interview and I don't have much idea about it. Can someone help me with this, like what questions I can expect, any source that I can utilize etc.? Thanks.
Most likely you are going to get a bunch of STAR questions: https://www.betterup.com/blog/star-interview-method
They may also ask you general security or appsec questions like the difference between synchronous and async encryption and other trivia like that.
Maybe brush up on the OWASP Top 10 as well, in addition to what others have suggested.