Frequently Asked Questions

More useful information on the recruitment process

Q. How do I apply?

You can search all of our vacancies via this website. Simply find a role that appeals to you and click 'Apply Now'. Please include an updated CV when possible.

 

Q. I’ve applied. What happens now?

A member of our recruitment team will review your application.

You should hear back from the US recruiting team within a few business days. Periodically we do fall behind during peak season, etc., so should you ever want to follow-up on your application, please feel free to do so by sending an email to na-cv@nccgroup.trust. You can’t waste our time!

 

Q. I’ve got a phone interview. What will the process be like?

This part of our recruitment process varies depending on the role. For technical phone interviews, you can expect the interviewers to cover material from the “homework” you were assigned in the process to gauge your understanding. They may also cover other areas in the vast security landscape where you purport to have experience or expertise. We also ask probing questions in less familiar areas to help gain a glimpse of problem solving abilities.

For non-technical roles, you can expect questions surrounding your experience, skillset, work style, and more.

 

Q. How should I prepare for the interview?

Each area will require slightly different preparation so ask our recruitment team in advance if you are unsure.

Some key general hints and tips and things to remember include:

  • Do your research and prepare. Learn as much as you can about NCC Group.
  • Get social and follow us on Twitter and LinkedIn. Read our blog and know some of our research, regardless of the role you are applying for.
  • For technical roles, do the homework that was assigned to you, and be ready to follow us “down the rabbit hole”.
  • For non-technical roles, be prepared to talk about your experience, preferences, work style, etc.

 

Q. What should I wear?

As you may have noticed from our photos on our website – each department at NCC Group dresses slightly differently, some departments having a more relaxed dress code, while others have a more corporate dress code.

With regards to interviews – unless we tell you otherwise, please do dress smartly and professionally for any interviews you have with us. Typically our recruiting team will proactively note the level of dress required for interviews when passing on specific interview logistics.

 

Q. Who should I contact if I have any questions about opportunities within NCC Group or if I have any questions during my application process?

Karsten Cross (Talent Acquisition Partner) and Clarrissa Hill (Recruiting Coordinator) are the dynamic duo handling US recruitment. You can email them both via na-cv@nccgroup.trust.

 

Q. Do you accept visas?

We do! We pursue H1-B visas for international students coming out of US universities at the earliest opportunity.

For international candidates looking to relocate to the United States who pass our challenge-based hiring process, we’re happy to attempt a H1-B visa on their behalf, as well.

We submit applications for sponsorship during the annual window in late March/early April. The government process is a lottery process, so we have no control over who is picked and who is not in a given year. The odds are a bit under 50% that an application will be selected successfully. Having an advanced degree increases the odds of selection. Should an international candidate be selected, they would be authorized to work any time after October of that application year. If not selected, we would try to sponsor again the following year, assuming continued candidate interest.

 

Q. Do you conduct background checks?

As a security organization, we have to ensure everyone we hire goes through the appropriate checks. So yes, we perform background checks. It is best to be honest and reveal anything you think may appear in your background checks upfront. If something negative does come up we will talk it through with you and consider anything that may impact your application. We will always aim to find a positive outcome where possible.

 

Q. Who has access to my details once I’ve applied?

Only the recruitment team and those involves in the selection process. We only retain your information for a specific period of time as defined by records management guidelines.

 

Q. How long does the process take?

For non-technical roles, the hiring process can be relatively short, depending on hiring manager schedules.

For technical roles, it depends on how long it takes to complete the assigned “homework” and preparation, and how long an applicant takes with the challenges. Otherwise the process can have a very quick turnaround.

 

Q. I’m open to multiple locations, what’s the difference between each location?

For technical roles, each NCC Group US location performs a variety of types of security engagements and delivers in nearly every practice area. Regionally, you will not see a huge difference in the type of work performed. The main difference tends to revolve around client travel, and onsite versus remote work. Ask your friendly neighborhood NCC Group recruiting team member for more guidance.

For non-technical roles, we do have support positions in nearly all of our offices. The bulk of our back end services are based in our San Francisco office currently.

 

Q. For pentesting roles, how much time do I have to complete the challenges?

We don’t timebox the challenges. You should not feel compelled to tackle the challenge(s) in one sitting, unless that’s your strong preference. You may, rather, complete the challenge(s) as life allows. An hour here and there is perfectly acceptable.

 

Q. Do you have remote positions available?

For technical roles, we do have remote employees around the country, but set the bar high, requiring senior-level or higher titles before allowing remote work. Remote employees should also expect to travel domestically to a higher degree, as we still primarily sell engagements in locations where we have offices.

Some technical positions, like within our bug bounty practice, can be nearly 100% remote.

Non-technical positions require a steady presence in one of our regional offices.