Orca Security is a leading agentless cloud-security platform — scans cloud infrastructure (AWS, Azure, GCP) without deploying agents on workloads. Series E, $1.8B valuation. The interview emphasizes cloud-internals depth, the agentless side-scan architecture, and the engineering of security data normalization across the major hyperscalers.
Process
Recruiter screen → 60-minute coding (Python or Go) → onsite virtual: 2 coding, 1 system design, 1 craft deep-dive, 1 behavioral. Cycle: 3–5 weeks.
What they actually ask
- Design an agentless side-scan architecture (snapshot, attach, scan)
- Design a vulnerability database mapping to CVE and cloud-asset graph
- Design a cloud-graph that connects identity, network, and workload risks
- Coding: medium DSA, often with parsing, graph, or scheduling framing
- Behavioral: ownership, customer empathy for security teams, regulated-industry care
Levels and comp (2026)
- SE: $165K–$220K total
- Senior SE: $235K–$320K total
- Staff: $335K–$455K total
- Principal: $470K–$640K total
Prep priorities
- Be fluent in Python (security-flavored services) and Go (some platform)
- Understand AWS / Azure / GCP cloud-security primitives (IAM, network, snapshot APIs)
- Brush up on cloud-attack paths (Identity-based attacks, lateral movement, privilege escalation)
Frequently Asked Questions
Is Orca remote-friendly?
Hubs in Tel Aviv and Portland OR. Many engineering roles remote within US/Israel.
How does Orca compare to Wiz, Lacework, or Prisma Cloud?
Wiz is the largest by velocity / customer count. Lacework focuses on workload protection. Prisma Cloud (Palo Alto Networks) is the legacy enterprise option. Orca differentiates on agentless side-scan depth. Comp competitive at senior+ for cloud security.
What is the engineering culture?
Mature, customer-driven, calmer pace post-2024 reorgs. Strong Israeli-US distributed culture.