Adnan Al Islam is currently working at Optimizely as a Product Security Engineer II. He graduated from the Department of Computer Science and Engineering at BUET in 2021. After completing his degree, he began his professional journey at TechForing Ltd., a Bangladeshi cybersecurity startup, where he worked for about four months. He then joined the Offensive Security Research team at bKash and spent three years strengthening the security of their systems. Following that, he served as a Senior Cyber Security Engineer at TechnoNext Software Limited, a concern of the US-Bangla Group. Most recently, he transitioned to Optimizely as a Product Security Engineer II.
Adnan has always been passionate about Application Security. Working with vulnerable systems, identifying weaknesses, and safeguarding them is where he thrives. Over the years, he has continuously worked on Vulnerability Assessment and Penetration Testing (VAPT) for Web Applications, APIs, and Mobile Applications.
He applied for the role at Optimizely through LinkedIn. The hiring process consisted of five rounds, including an initial HR phone screening, and all rounds were conducted in English.
Phase 1
The first step was the HR screening, where the recruiter discussed his work experience, current responsibilities, and motivation to join Optimizely.
Phase 2
A few days later, he faced the second round with the Hiring Manager. This 45-minute session began with introductions, followed by discussions about team responsibilities. The Hiring Manager then asked Adnan about his experience and key concepts such as Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), and CI/CD pipeline security. The round concluded with Adnan having the opportunity to ask questions. For this stage, he prepared by reviewing his CV and refreshing his knowledge of the areas relevant to his experience.
Phase 3
The third round involved three core members of the Product Security team. One member discussed the differences between SAST and SCA and gave Adnan a feature scenario to perform Threat Modeling. He was also asked about security controls across each phase of the Software Development Life Cycle (SDLC), from code to cloud, and the broader Application Security Posture Management process.
The second team member focused on a wide range of application security topics, including secure REST API design techniques, file upload vulnerabilities, XSS, CSRF, JWT attacks, session fixation attacks, and various security headers along with their functions.
The third team member provided three manual secure code review exercises involving login functionalities and password hashing, file upload vulnerabilities, and insecure JWT implementation. Adnan was required to identify the vulnerable lines of code and provide proper remediation suggestions. For this round, he prepared by revisiting core application security concepts and leveraging his previous hands-on experience.
Phase 4
The fourth round took place with three other team members from Vulnerability Management, Endpoint Security, Security Operations, and Cyber Security Awareness. The questions in this session covered topics such as Zero Trust architecture, DNS cache poisoning, applications running on non-standard ports, incident response strategies, challenges in collaborating with design teams, and how to assess remote host accessibility without automated tools. His preparation for this round focused on Incident Response, Security Operations, OSI layer security controls, and vulnerability management fundamentals.
Phase 5
Two days later, he was invited to the final interview with Optimizely’s Global Chief Information Security Officer (CISO). This brief 10-minute session centered on the team’s mission and vision and included an open conversation where Adnan could ask questions.
About five days after the final round, HR contacted him with a job offer—marking the successful completion of his Optimizely recruitment journey.
Special thanks to Adnan Al Islam for taking the time to share his recruitment experience with me. If you have any queries, feel free to contact him at adnanalislam227@gmail.com.