How to source and shortlist {role_name}

Where can you find qualified {role_name}?

  • Professional Network:
    • Leverage your professional network and reach out to former colleagues, industry peers, and tech community members to ask for referrals.
  • Educational Institutions:
    • Universities and Colleges: Reach out to students and alumni from top programs in computer science and cybersecurity.
  • Company Career Pages:
    • Post the job on your company’s career page and include keywords such as “Cybersecurity Engineer,” “Security Analyst,” or “Information Security Engineer” to attract candidates directly searching for cybersecurity roles.
  • Role-Specific Job Boards:
    • CyberSecJobs (cybersecjobs.com): A job board specifically for cybersecurity roles, including penetration testers, security engineers, and more.
    • InfoSec Jobs (infosec-jobs.com): Another niche job board for information security professionals.
  • Geography-Specific Job Boards:
    • United States:
      • Dice (dice.com): Focuses on technology roles, with many postings for cybersecurity engineers.
      • CyberWire (cyberwire.com): A niche job board for U.S.-based cybersecurity positions.
    • India:
      • Naukri (naukri.com): India’s top job board, with a focus on technology roles, including cybersecurity.
      • CutShort (cutshort.io): A popular platform for IT and cybersecurity professionals in India.
    • UAE & KSA:
      • Bayt (bayt.com): A job portal for positions in the Middle East, including cybersecurity roles in UAE and KSA.
      • GulfTalent (gulftalent.com): A leading job board for the Middle East, focused on roles in finance, technology, and government sectors.
    • Remote Positions:
      • We Work Remotely (weworkremotely.com): A platform for remote cybersecurity roles.
      • Remote OK (remoteok.io): A job board focused on remote positions in the tech sector, including security roles.

What are the best practices for headhunting {role_name}?

  • Target Specialized Communities: Cybersecurity professionals often frequent niche communities like Reddit’s /r/netsec or StackExchange Information Security. Engage with candidates directly or advertise jobs within these groups.
  • Offer Competitive Salaries and Benefits: Cybersecurity engineers are in high demand. Offering competitive salaries, certifications, and continuous learning opportunities is key to attracting the right candidates.
  • Emphasize Career Growth: Highlight opportunities for professional development, certification sponsorship (e.g., CISSP or OSCP), and how the candidate’s work directly contributes to company security and innovation.

How to shortlist candidates?

Once applications start coming in, a thorough screening and shortlisting process helps you spend your time on the most qualified candidates.

Automated shortlisting tools:

Automated screening quickly filters out unqualified candidates, saving time for manual review. This allows the manual process to focus on the most promising candidates, ensuring the best ones are considered for further evaluation.

Screening questions to auto-shortlist based on predefined criteria

Predefined criteria include qualifications, location, experience, and skills. Use either a job board or an ATS such as whitecarrot. Here are some questions for {role_name}:

  • How many years of experience do you have with cybersecurity tools (SIEM, IDS/IPS, etc.)?
    • Less than 1 year (Auto-reject)
    • 1-2 years
    • 2-5 years
    • 5+ years (Preferred)
  • How many years of experience do you have in threat analysis and vulnerability assessment?
    • No experience (Auto-reject)
    • Less than 1 year
    • 1-3 years
    • 3+ years
  • Are you located within [specified location] or willing to work remotely?
    • Yes
    • No (Auto-reject if location-specific role)
  • Do you have any security certifications such as CISSP, CEH, or CISM?
    • Yes
    • No (Preferred but not auto-reject)

Skill-based questions to auto-shortlist candidates

Analyze the skill test data to automatically shortlist top-performing applicants (recommended screening test time: 15 minutes). Here are some skill test questions for {role_name}:

Incident Response

Assessing the candidate’s ability to handle and respond to security incidents.

  • Question: Which of the following is the first step in the incident response process?
    • A) Containment
    • B) Identification (Correct Answer)
    • C) Eradication
    • D) Recovery
  • Question: In which phase of the incident response lifecycle are root cause analysis and post-incident reporting conducted?
    • A) Detection
    • B) Identification
    • C) Lessons Learned (Correct Answer)
    • D) Recovery
  • Question: What is the primary goal during the containment phase of incident response?
    • A) To restore normal operations
    • B) To prevent further damage (Correct Answer)
    • C) To eliminate vulnerabilities
    • D) To perform root cause analysis

Vulnerability Assessment

Testing knowledge in identifying and assessing vulnerabilities.

  • Question: Which tool is commonly used for vulnerability scanning in networks?
    • A) Wireshark
    • B) Nessus (Correct Answer)
    • C) Metasploit
    • D) Nmap
  • Question: What is the main objective of a vulnerability assessment?
    • A) To identify potential security weaknesses (Correct Answer)
    • B) To detect an ongoing attack
    • C) To remove malware
    • D) To configure firewalls
  • Question: Which of the following is NOT part of a vulnerability management lifecycle?
    • A) Scanning
    • B) Reporting
    • C) Patching
    • D) Data encryption (Correct Answer)

Security Protocols

Evaluating understanding of key security protocols.

  • Question: Which security protocol is used for securely transmitting data over the internet?
    • A) HTTP
    • B) SSL/TLS (Correct Answer)
    • C) FTP
    • D) DHCP
  • Question: Which of the following protocols is used to ensure secure remote access to a server?
    • A) Telnet
    • B) SSH (Correct Answer)
    • C) HTTP
    • D) FTP
  • Question: What is the purpose of two-factor authentication (2FA)?
    • A) To encrypt data
    • B) To require two methods of identity verification (Correct Answer)
    • C) To increase the speed of login
    • D) To disable login for compromised accounts

Note: Auto-reject candidates who score less than 70% in this section.

One-way video interview

  • Use tools like HireVue or whitecarrot.io to ask candidates pre-recorded questions about their experience and skills.
  • Use the sample questions given in the scorecard.

Collect other information

  • Collect data from shortlisted candidates, such as salary expectations and visa status.

Manual candidate profile shortlisting:

  • Thoroughly review the CVs of the top-scoring candidates from the automated process.
  • Look for evidence of the required skills, experience, and achievements.
  • Review the candidate’s portfolio or GitHub repositories to see examples of their work.

Schedule recruiter calls with the candidate

  • Use a tool like Calendly or whitecarrot to allow candidates to self-schedule calls based on your availability.
  • Confirm the call details (date, time, dial-in info) with the candidate via email.

What questions to ask in the recruiter phone screen?

  • Use a scorecard for the recruiter to rate candidates.
  • Sample scorecard:

| Criteria | Sample Question | Rating (1-5) | Comments |
| Technical Skills | Describe your experience with SIEM tools and incident response. | [ ] | |
| Problem-Solving Ability | How do you approach vulnerability assessment and threat analysis? | [ ] | |
| Communication Skills | Can you explain a complex security concept to non-technical staff? | [ ] | |
| Cultural Fit | Do the candidate’s values and work style align with the company? | [ ] | |
| Overall Project Experience | Did the candidate demonstrate strong practical experience? | [ ] | |

  • Check for consistency in responses from the candidates.
  • Record these scorecards in an ATS like whitecarrot, or use a Google Doc.