I haven’t left feedback on Glassdoor before, and decided to make an exception for XIFIN. The interview process was among the most unprofessional I’ve seen in my entire career.
I was apprehensive about applying because of their Glassdoor reviews. According to former employees, company management leaves fake positive review to balance out the real ones. I decided to give it a chance anyway.
Recruiting got in touch with me via text message a whole month and a half after I applied for the job. Your guess as to why is as good as mine. I had a 30-minute phone screen where they explained the role and asked questions about my resume.
They mentioned that several analysts had left the company once they learned the basics of security and pressed me on how long I would stay in the role if hired. The way this was described suggests that they blame former employees for progressing in their careers. It didn’t seem like there was any self-reflection on the company’s part – but if analysts keep leaving as soon as they can, there may be a reason for that.
I passed the phone screen and went on to my first interview with a member of the security team. It was mostly a personality interview with a few questions about my security background.
A few days went by with no feedback, and during this time I received an offer from another company. I sent recruiting an email asking for an update and didn’t get a response. Communication from them up to this point had already been lackluster, so I reached out to the hiring manager for feedback. This prompted recruiting to reply, who said that the first interview went well. They wanted to know my availability for the next interview, which I sent.
Even with my availability on hand, they wanted to call me to schedule for some reason. Recruiting emailed me on a weekday, asking if they could call me on Saturday to schedule. I agreed, and suggested a time for the call, which – you guessed it, went unanswered. Apparently, they expected me to sit around and wait for a phone call on Saturday. When they did call, I gave them the same availability information that I already sent via email the week before. They weren’t at a computer at the time and had to schedule the interview later in the day.
I started to wonder if recruiting was just this disorganized or if it had become intentional. What a mess.
I attended a video interview with the security team the following Monday. The meeting only opened five minutes before it started, which didn’t give me enough time to test and troubleshoot my audio and video settings. Half of the team disabled their webcams and were silent for the duration.
It was supposed to be a technical interview, but none of the questions were designed to gauge my technical ability. Nothing about networking, packet analysis, intrusion detection, or threat modeling. The standard security interview format that works, was replaced with one that calls for the candidate to self-assess. For example, “Would you consider yourself an expert with Splunk?”
Most of the questions they asked were basic, redundant, or both, with tells me a couple things.
1) They don't know how to conduct a structured security interview.
2) They aren’t technical enough to assess a candidate who is.
Here is what I mean - I explained that I am proficient with regex, and have experience writing Splunk parsers for raw logs. But then I was asked later if I could parse json data in Splunk. There were issues like this throughout the interview that made it a little bit awkward.
I think they’re over-cautious because they feel burned by other analysts who left but haven’t asked themselves why that is. They don’t seem very technical, so I think the best they can do is look for someone who will self-proclaim expertise at every item on a checklist.
I sent a follow-up email to the team thanking them for their time and emailed recruiting to make sure they were aware of the deadline for my existing offer. I gave them until my offer expired to respond and both emails went ignored, so I emailed recruiting to withdraw my application. They sent a short reply about 10 seconds later, just to make a point that they had intentionally been ignoring my correspondence. I’ve never seen anything so petty.
It is unprofessional to “ghost” a candidate, especially at that stage in the process.
I almost withdrew my application twice because communication from their recruiting team was so poor but committed to finishing it.
XIFIN – if you do get curious why analysts keep leaving, someone on the security team exudes complacency and arrogance. It might benefit them to remember that analysts are human beings as well as company assets.
I’m fortunate to have learned their character during the interview process.
TLDR: You may want to think twice before you apply to XIFIN’s security team.
