What is a Security Engineer at AIG?
As a Security Engineer specializing as a Cyber Threat Intelligence Analyst at AIG, you are the vanguard of our cybersecurity defense. AIG is a leading global insurance organization operating in approximately 70 countries and jurisdictions. The technology systems you help protect are the lifeblood of our business, enabling everything from underwriting complex global risks to processing critical claims for individuals and corporations. In this role, your work directly shields our infrastructure, our colleagues, and our clients from sophisticated cyber adversaries.
This position is not a standard defensive engineering role; it is deeply rooted in intelligence gathering and strategic analysis. You will operate within an interdisciplinary Cyber Threat Intelligence (CTI) team that develops advanced analytical frameworks to identify emerging threats. By analyzing the technical and behavioral aspects of malicious cyber activity—ranging from organized cybercriminal groups to state-sponsored actors—you provide the crucial situational awareness that dictates our defensive posture. Your insights will directly influence how AIG maps adversary behavior to detection and mitigation strategies.
What makes this role uniquely compelling is the scale and geopolitical context of the work. Because AIG operates globally, you will not only analyze malware and Indicators of Compromise (IOCs), but you will also evaluate how global geopolitical dynamics influence cyber risk. You will be expected to conduct deep-dive investigations using OSINT, dark web sources, and internal telemetry, translating complex technical data into actionable intelligence for both tactical engineering teams and executive leadership.
Common Interview Questions
Practice questions from our question bank
Curated questions for AIG from real interviews.
Explain how symmetric and asymmetric encryption differ in key usage, performance, and real-world application.
Explain the concept of defense in depth and its significance in security architecture.
Choose the CIS control with the best ROI to uplift a newly acquired subsidiary’s security posture under tight time and budget constraints.
Getting Ready for Your Interviews
Preparation is the key to demonstrating your readiness for the complex, fast-paced environment at AIG. We want to see how you think, how you investigate, and how you communicate your findings.
During your interviews, you will be evaluated against several core criteria:
- Role-Related Knowledge – We assess your deep understanding of the threat intelligence lifecycle, common threat actor tools, malware families, and your ability to leverage frameworks like MITRE ATT&CK. You can demonstrate strength here by using precise technical terminology and referencing recent, real-world cyber campaigns.
- Analytical Problem-Solving – Interviewers will evaluate your investigative tradecraft. We want to see how you pivot from a single data point (like an IP address or a phishing email) to uncover broader adversary infrastructure and intent using OSINT and telemetry.
- Strategic Communication – Because you will produce intelligence for various stakeholders, we look for your ability to distill raw, complex information into concise, actionable reporting. Strong candidates seamlessly transition between technical deep dives and high-level executive summaries.
- Culture Fit and Adversary Awareness – AIG values a culture of curiosity, critical thinking, and collaboration. We evaluate your passion for the cybersecurity community, your geopolitical awareness, and your ability to mentor junior analysts and work effectively within an interdisciplinary team.
Interview Process Overview
The interview process for a Security Engineer at AIG is designed to be thorough, engaging, and reflective of the actual work you will do on the CTI team. You can expect a structured progression that balances technical rigor with behavioral and strategic assessments. The process typically begins with an initial screening by our talent acquisition team to align on your background, expectations, and fundamental knowledge of the threat landscape.
Following the initial screen, you will move into discussions with hiring managers and senior members of the Information Technology and cybersecurity teams. These rounds will dive deep into your investigative methodologies, your familiarity with intelligence collection tools, and your understanding of global cyber risks. You may also be asked to walk through past intelligence reports you have authored or discuss how you would brief leadership on an emerging threat. AIG places a heavy emphasis on practical application, so expect scenario-based questions rather than simple trivia.
This visual timeline outlines the typical stages of your interview journey, from the initial recruiter screen to the final comprehensive panel. Use this map to pace your preparation, ensuring you are ready to discuss your foundational technical skills early on, while saving your deepest strategic and behavioral examples for the final rounds. Note that specific stages may occasionally blend depending on interviewer availability, but the core evaluation themes will remain consistent.
Deep Dive into Evaluation Areas
To succeed in your interviews, you must demonstrate proficiency across several critical domains. Our interviewers will probe these areas using both historical examples from your resume and hypothetical scenarios relevant to AIG.
Threat Intelligence & Frameworks
Understanding how to structure and operationalize intelligence is paramount. Interviewers will test your grasp of standard methodologies that turn raw data into actionable insights. We want to see that your investigations are methodical and repeatable.
Be ready to go over:
- The Threat Intelligence Lifecycle – Planning, collection, processing, analysis, dissemination, and feedback.
- MITRE ATT&CK Mapping – How to map adversary behaviors (TTPs) to the framework to drive detection engineering.
- Adversary Profiling – Differentiating between the motivations and capabilities of cybercriminal syndicates versus state-sponsored APTs.
- Advanced concepts (less common) – Diamond Model of Intrusion Analysis, structured analytic techniques (like Analysis of Competing Hypotheses).
Example questions or scenarios:
- "Walk me through how you would use the MITRE ATT&CK framework to assess our current defensive coverage against a specific ransomware group."
- "Describe a time you applied the threat intelligence lifecycle to a raw piece of data to produce a finished intelligence product."
- "How do you determine the attribution of a cyber attack, and when is attribution actually important to the business?"
Technical Investigations & OSINT
A core function of this Security Engineer role involves getting into the weeds of an investigation. We need to know that you are comfortable operating in various environments to hunt down adversary infrastructure.
Be ready to go over:
- OSINT Tradecraft – Utilizing public records, social media, and open directories to build a profile of adversary activity.
- Dark Web & Closed Forums – Safe operational security (OPSEC) practices when investigating vetted marketplaces.
- IOC Pivoting – Taking a single hash, domain, or IP and using tools (like VirusTotal, Shodan, or passive DNS) to uncover broader campaigns.
- Advanced concepts (less common) – Basic static/dynamic malware analysis, reverse engineering concepts, and writing YARA rules.
Example questions or scenarios:
- "If you are given a suspicious domain name that was flagged in our internal telemetry, what steps do you take to investigate it?"
- "Explain your OPSEC procedures when conducting research on dark web forums."
- "Tell me about a time you successfully pivoted from a single IOC to uncover an entire phishing infrastructure."
Geopolitics & Strategic Communication
Because AIG is a global financial entity, geopolitical events directly translate to cyber risk. You must demonstrate an understanding of the world stage and the ability to communicate these risks effectively.
Be ready to go over:
- Global Threat Landscape – Current events and how they influence state-sponsored cyber operations.
- Executive Briefings – Distilling technical findings into business risk (e.g., financial impact, operational downtime).
- Stakeholder Management – Delivering timely, accurate, and appropriate intelligence to different audiences (tactical defenders vs. C-suite).
- Advanced concepts (less common) – Developing recurring intelligence reporting structures from scratch.
Example questions or scenarios:
- "How would you explain the risk of a newly discovered zero-day vulnerability to a non-technical executive?"
- "Discuss a recent geopolitical event and explain how it might alter the cyber threat landscape for a global insurance company."
- "Describe a situation where you had to push back on a stakeholder's request because it did not align with actual intelligence requirements."




