How to source and shortlist {role_name}

Where can you find qualified {role_name}?

  • Professional network
    • Leverage your professional network and reach out to former colleagues, industry peers, and tech community members to ask for referrals.
  • Educational Institutions:
    • Universities and Colleges: Reach out to students and alumni from top programs in computer science and cybersecurity.
  • Company Career Pages:
    • Post the job on your company’s career page and include keywords such as “Cybersecurity Engineer,” “Security Analyst,” or “Information Security Engineer” to attract candidates directly searching for cybersecurity roles.
  • Role-Specific Job Boards:
    • CyberSecJobs (cybersecjobs.com): A job board specifically for cybersecurity roles, including penetration testers, security engineers, and more.
    • InfoSec Jobs (infosec-jobs.com): Another niche job board for information security professionals.
  • Geography-Specific Job Boards:
    • United States:
      • Dice (dice.com): Focuses on technology roles, with many postings for cybersecurity engineers.
      • CyberWire (cyberwire.com): A niche job board for U.S.-based cybersecurity positions.
    • India:
      • Naukri (naukri.com): India’s top job board, with a focus on technology roles, including cybersecurity.
      • CutShort (cutshort.io): A popular platform for IT and cybersecurity professionals in India.
    • UAE & KSA:
      • Bayt (bayt.com): A job portal for positions in the Middle East, including cybersecurity roles in UAE and KSA.
      • GulfTalent (gulftalent.com): A leading job board for the Middle East, focused on roles in finance, technology, and government sectors.
    • Remote Positions:
      • We Work Remotely (weworkremotely.com): A platform for remote cybersecurity roles.
      • Remote OK (remoteok.io): A job board focused on remote positions in the tech sector, including security roles.

What are the best practices for headhunting {role_name}?

  • Target Specialized Communities: Cybersecurity professionals often frequent niche communities like Reddit’s /r/netsec or StackExchange Information Security. Engage with candidates directly or advertise jobs within these groups.
  • Offer Competitive Salaries and Benefits: Cybersecurity engineers are in high demand. Offering competitive salaries, certifications, and continuous learning opportunities is key to attracting the right candidates.
  • Emphasize Career Growth: Highlight opportunities for professional development, certification sponsorship (e.g., CISSP or OSCP), and how the candidate’s work directly contributes to company security and innovation.

"Find Talent Quickly" – Leverage Headhunting and Referrals

How to shortlist candidates?

Once you have started to get applications from applicants, a thorough screening process and shortlisting of prospects will help you make the most of your time spent with the most qualified ones. 

Automated shortlisting tools :

Automated screening quickly filters out unqualified candidates, saving time for manual review. This allows the manual process to focus on the most promising candidates, ensuring the best ones are considered for further evaluation.

Screening questions to auto-shortlist based on predefined criteria

like qualifications, location, experience, and skills. Either use job board or use an ATS such as whitecarrot. Here are some questions for {role_name}

  • How many years of experience do you have with cybersecurity tools (SIEM, IDS/IPS, etc.)?
    • Less than 1 year (Auto-reject)
    • 1-2 years
    • 2-5 years
    • 5+ years (Preferred)
  • How many years of experience do you have in threat analysis and vulnerability assessment?
    • No experience (Auto-reject)
    • Less than 1 year
    • 1-3 years
    • 3+ years
  • Are you located within [specified location] or willing to work remotely?
    • Yes
    • No (Auto-reject if location-specific role)
  • Do you have any security certifications such as CISSP, CEH, or CISM?
    • Yes
    • No (Preferred but not auto-reject)

Skill based question to auto shortlist candidate

Analyze the skill test data to automatically shortlist top-performing applicants. (recommended screening test time - 15 minutes). Here are some skill test questions for {role_name}

Incident Response

Assessing the candidate’s ability to handle and respond to security incidents.

  • Question: Which of the following is the first step in the incident response process?
    • A) Containment
    • B) Identification (Correct Answer)
    • C) Eradication
    • D) Recovery
  • Question: In which phase of the incident response lifecycle are root cause analysis and post-incident reporting conducted?
    • A) Detection
    • B) Identification
    • C) Lessons Learned (Correct Answer)
    • D) Recovery
  • Question: What is the primary goal during the containment phase of incident response?
    • A) To restore normal operations
    • B) To prevent further damage (Correct Answer)
    • C) To eliminate vulnerabilities
    • D) To perform root cause analysis

Vulnerability Assessment

Testing knowledge in identifying and assessing vulnerabilities.

  • Question: Which tool is commonly used for vulnerability scanning in networks?
    • A) Wireshark
    • B) Nessus (Correct Answer)
    • C) Metasploit
    • D) Nmap
  • Question: What is the main objective of a vulnerability assessment?
    • A) To identify potential security weaknesses (Correct Answer)
    • B) To detect an ongoing attack
    • C) To remove malware
    • D) To configure firewalls
  • Question: Which of the following is NOT part of a vulnerability management lifecycle?
    • A) Scanning
    • B) Reporting
    • C) Patching
    • D) Data encryption (Correct Answer)

Security Protocols

Evaluating understanding of key security protocols.

  • Question: Which security protocol is used for securely transmitting data over the internet?
    • A) HTTP
    • B) SSL/TLS (Correct Answer)
    • C) FTP
    • D) DHCP
  • Question: Which of the following protocols is used to ensure secure remote access to a server?
    • A) Telnet
    • B) SSH (Correct Answer)
    • C) HTTP
    • D) FTP
  • Question: What is the purpose of two-factor authentication (2FA)?
    • A) To encrypt data
    • B) To require two methods of identity verification (Correct Answer)
    • C) To increase the speed of login
    • D) To disable login for compromised accounts

Note - Auto reject candidates if scores less than 70% in this section

One way video interview

Recruitment Bullet

Use tools like hirevue, whitecarrot.io to ask candidates pre-recorded questions about their experience and skills.

Recruitment Bullet

Use sample question given in scorecard.

Collect other information 

Recruitment Bullet

Collect data from shortlisted candidates, such as salary expectations and visa status.

"Shortlist in Seconds" – Use our CV scoring feature to get top candidate recommendation

Manual candidate profile shortlisting:

Recruitment Bullet

Thoroughly review the CVs of the top scoring candidates from the automated process

Recruitment Bullet

Look for evidence of the required skills, experience, and achievements

Recruitment Bullet

Review the candidate’s portfolio or GitHub repositories to see examples of their work.

Schedule recruiter calls with the candidate

Recruitment Bullet

Use a tool like calendly or whitecarrot to allow candidates to self-schedule calls based on your availability

Recruitment Bullet

Confirm the call details (date, time, dial-in info) with the candidate via email

What questions to ask in the recruiter phone screen?

Recruitment Bullet

 Use scorecard for rating candidates for recruiter

Recruitment Bullet

Sample scorecard : 

Criteria Sample Question Rating (1-5) Comments
Technical Skills Describe your experience with SIEM tools and incident response. [ ]
Problem-Solving Ability How do you approach vulnerability assessment and threat analysis? [ ]
Communication Skills Can you explain a complex security concept to non-technical staff? [ ]
Cultural Fit Do the candidate’s values and work style align with the company? [ ]
Overall Project Experience Did the candidate demonstrate strong practical experience? [ ]
Recruitment Bullet

Check for consistency in responses from the candidates.

Recruitment Bullet

Record such scorecards in an ATS like whitecarrot or use google doc