How to source and shortlist {role_name}

Where can you find qualified {role_name}?

  • Professional network: Leverage your professional network and reach out to former colleagues, industry peers, and tech community members to ask for referrals.
  • Educational Institutions:
    • Universities with Strong Computer Science and Security Programs: Partner with universities that have strong computer science and cybersecurity programs to recruit recent graduates or alumni with relevant skills.
    • Bootcamps and Certification Programs: Target graduates from specialized DevSecOps bootcamps or those who have completed relevant certifications (e.g., Certified DevSecOps Professional).
  • Company Career Pages:
    • Your Company Website: Ensure that your company’s career page is optimized for SEO and highlights the benefits of working at your organization. Include testimonials from current employees in similar roles.
  • Role-Specific Job Boards:
    • DevOps.com: A dedicated platform for DevOps professionals, offering a niche audience for DevSecOps roles.
    • CyberSecJobs: A job board specifically for cybersecurity roles, including DevSecOps.
  • Geography-Specific Job Boards:
    • United States:
      • Indeed: Widely used in the US, suitable for reaching a broad audience.
      • Dice: Specialized in tech jobs, including DevSecOps roles.
      • CyberSecJobs: Focused on cybersecurity positions.
    • India:
      • Naukri: India’s largest job board, suitable for tech roles.
      • Freshersworld: Ideal for reaching entry-level candidates with certifications.
      • Cutshort: A platform focused on tech jobs in India.
    • UAE & KSA:
      • Bayt: Popular in the Middle East for various professional roles.
      • Naukrigulf: Specialized in Gulf countries, including UAE and KSA.
      • GulfTalent: A leading job board in the Middle East.
      • Whitecarrot.io
    • Remote Positions:
      • We Work Remotely: A platform focused on remote job opportunities.
      • Remote OK: Another popular site for finding remote DevSecOps engineers.
      • AngelList: Great for sourcing candidates interested in startup environments.

What are the best practices for headhunting {role_name}?

  • Leverage Your Network: Use your professional network to get referrals and recommendations for potential candidates. DevSecOps is a niche field, and personal referrals can often lead to the best hires.
  • Target Passive Candidates: Many DevSecOps engineers may not be actively looking for a new job. Engage passive candidates by highlighting your company’s unique benefits, growth opportunities, and challenging projects.
  • Attend Industry Events: Participate in or sponsor DevOps and security conferences, webinars, and meetups. This can help you connect with professionals who are deeply involved in the field.
  • Tailor Your Approach: When reaching out to candidates, personalize your communication. Highlight specific aspects of their experience or projects that align with the role you’re hiring for.

How to shortlist candidates?

Once applications start coming in, a thorough screening and shortlisting process helps you spend your time on the most qualified candidates.

Automated shortlisting tools:

Automated screening quickly filters out unqualified candidates, saving time for manual review. This allows the manual process to focus on the most promising candidates, ensuring the best ones are considered for further evaluation.

Screening questions to auto-shortlist based on predefined criteria like qualifications, location, experience, and skills. Use either a job board or an ATS such as whitecarrot. Here are some questions for {role_name}:

  • How many years of experience do you have with DevOps tools (e.g., Jenkins, Docker, Kubernetes)?
    • Auto-Reject Criteria: Less than 3 years of experience.
  • How many years of experience do you have in security practices, particularly in integrating security within CI/CD pipelines?
    • Auto-Reject Criteria: Less than 2 years of experience.
  • Are you located within [specified location] or willing to work remotely?
    • Auto-Reject Criteria: Not willing to work remotely or relocate if the role is not remote.

Skill-based questions to auto-shortlist candidates

Analyze the skill test data to automatically shortlist top-performing applicants (recommended screening test time: 15 minutes). Here are some skill test questions for {role_name}:

DevOps Tools

Assessing familiarity and experience with key DevOps tools.

  • Which of the following is primarily used for container orchestration?
    • a) Jenkins
    • b) Docker
    • c) Kubernetes (Correct Answer)
    • d) Ansible
  • What is the primary function of Jenkins in a CI/CD pipeline?
    • a) Source Code Management
    • b) Continuous Integration (Correct Answer)
    • c) Containerization
    • d) Configuration Management
  • Which tool is commonly used for automating infrastructure provisioning?
    • a) Docker
    • b) Terraform (Correct Answer)
    • c) Kubernetes
    • d) Nagios

Security Integration

Evaluating knowledge of integrating security into the DevOps process.

  • What is the primary goal of DevSecOps?
    • a) Automate software deployment
    • b) Integrate security practices into the CI/CD pipeline (Correct Answer)
    • c) Increase development speed
    • d) Reduce operational costs
  • Which tool is commonly used for static code analysis to find vulnerabilities?
    • a) Jenkins
    • b) Docker
    • c) SonarQube (Correct Answer)
    • d) Kubernetes
  • What is the purpose of a Web Application Firewall (WAF)?
    • a) Manage cloud infrastructure
    • b) Protect web applications from security threats (Correct Answer)
    • c) Automate deployment
    • d) Monitor system performance

Vulnerability Assessment

Testing candidates' knowledge in identifying and addressing vulnerabilities.

  • What is the first step in conducting a vulnerability assessment?
    • a) Remediation
    • b) Identification of assets (Correct Answer)
    • c) Patching
    • d) Continuous Monitoring
  • Which of the following is a commonly used tool for vulnerability scanning?
    • a) Nagios
    • b) Jenkins
    • c) Nessus (Correct Answer)
    • d) Docker
  • What type of vulnerability does SQL Injection represent?
    • a) Network Vulnerability
    • b) Software Vulnerability (Correct Answer)
    • c) Hardware Vulnerability
    • d) Physical Vulnerability

Note: Auto-reject candidates who score less than 70% in this section.

One way video interview

  • Use tools like HireVue or whitecarrot.io to ask candidates pre-recorded questions about their experience and skills.
  • Use the sample questions given in the scorecard.

Collect other information

  • Collect data from shortlisted candidates, such as salary expectations and visa status.

Manual candidate profile shortlisting:

  • Thoroughly review the CVs of the top-scoring candidates from the automated process.
  • Look for evidence of the required skills, experience, and achievements.
  • Review the candidate’s portfolio or GitHub repositories to see examples of their work.

Schedule recruiter calls with the candidate

  • Use a tool like Calendly or whitecarrot to allow candidates to self-schedule calls based on your availability.
  • Confirm the call details (date, time, dial-in info) with the candidate via email.

What questions to ask in the recruiter phone screen?

  • Use a scorecard to rate candidates during the recruiter screen.
  • Sample scorecard:

| Criteria | Sample Question | Rating (1-5) | Comments |
|---|---|---|---|
| Technical Knowledge | Describe your experience with integrating security into CI/CD pipelines. | 1-5 | |
| Problem-Solving Ability | Tell us about a time when you had to troubleshoot a security issue in a live environment. How did you resolve it? | 1-5 | |
| Communication Skills | Explain a complex technical concept (e.g., DevSecOps) to someone without a technical background. | 1-5 | |
| Cultural Fit | What aspects of our company culture appeal to you the most, and why? | 1-5 | |
| Leadership and Collaboration | How do you manage collaboration between development, operations, and security teams? Can you give an example where you led such an effort? | 1-5 | |
| Experience with Specific Tools | Which DevOps and security tools are you most familiar with? Can you provide an example of how you’ve used these tools in a project? | 1-5 | |

  • Check for consistency in responses from the candidates.
  • Record such scorecards in an ATS like whitecarrot, or use a Google Doc.