There was a total of 6 rounds of interviews and 1 onsite. All with different business heads and only 2 relating to security. Both the interviews were very superficial. I was asked to list OWASP top ten nothing more only work they have is to run tools like ZAP and publish the report of the same and if you ask for a better task they will ask you to build a Payload list to use with ZAP. No Timelines for manual assessment and pentest will be provided citing customer Adhoc requirements and you will have to run ZAP and return the report. Nobody seems to notice that 4 Years of security Charleton going on here but couldn't integrate Pentest with CI/CD. Let's see how long his deception continues.