Probably the best interview process I've had. Other companies talk a big game about respecting their employees, but SI was the first interview I've had where I felt respected at every step of the interview and hiring process. I particularly appreciated that it was an expedient process that took about a total of 3 and a half weeks between application and start date.
The interview process starts with a guided challenge site where you'll be given security challenges to complete. For an entry-level position, you're not expected to complete all of them, but ideally you should be able to complete 3 to 4 of them. It's mostly basic web security, but there are a couple questions where knowledge of basic network security and native exploits will be helpful.
If you do well in this, this is followed by a thirty minute phone interview. This interview is mostly non-technical and is primarily a 'get-to-know-eachother' call, though there's some level of cultural/personality screening here too. It's pretty relaxed, and a good chance to ask questions about the company and the position.
If they like you, you'll move onto the next challenge which involves a penetration test against a mock bank website with a four hour time limit. If you enjoy web security (which hopefully you do!), this is actually a really fun exercise. There are lots of fun easter-eggs and jokes hidden throughout the site, and several fun exploits you can take advantage of. The challenge is automatically scored, and you'll need to be able to actually craft useful payloads for most of the exploits to get full points. Again- you don't need to find everything, but thre is an opportunity here to impress and go above expectations. At the end of the four hours, you're asked to write a report on one of your findings.
At least in Seattle for the position I applied for, if you live in the area the final round is a set of technical interviews with other engineers in-office followed up with an interview with the VP of services. The exact questions and topics seem to vary based on the interviewer, but expect questions on web security, cryptography, and native. Be sure to have working knowledge of exploits and vulnerabilities in each category and mitigation techniques. For Crypto, although you don't need exact formulas, it will likely be helpful if you can diagram out the common algorithms. At least one of the interviewers had a practical coding challenge as well.
Overall, it was a difficult interview process, but not the most difficult one I've done, and the questions and challenges were very fair. I particularly appreciated the amount of practical exercises involved instead of just doing round after round of technical interviews.
