There were two interviews, a personality/background screen and a technical assessment. Before the interview I was informed that this was a 24/7 position.
The personality screen took about 30 minutes before moving to the technical assessment. The technical assessment was a 45 minute exercise to determine the skill level for log analysis.
The technical assessment was 5 log events with various indicators of compromise. During the assessment, you would walk through your thought process on whether or not the event was malicious and what action should be taken with the customer.
After the interview, I was asked about salary expectations and asked clarifying questions about position's duties/workload, etc.
