Skip to main content

Hiring SREs

Hiring engineers is a challenging task. Doing it right can be difficult, and many companies struggle with it. I gave a talk at the Velocity conference a while back discussing how LinkedIn’s SRE team solved this problem and how I designed a hiring process that’s fair, interesting, and gets results. If you don’t want to read the whole post, you can just watch the video below.
Before talking about the actual mechanics of the interview process, though, I want to talk a little bit about the theory behind interviewing and hiring. In any circumstance where you’re doing hiring, you have a specific need that you need folks to fill. There’s a task that needs to be done, a role that needs to be occupied, and business metrics that need to be moved. Before you can really start doing any hiring, you have to know definitively what those are. You also need to know what skills are the minimum necessary to meet your requirements. Most importantly, you need to make sure that you’re only testing for those skills.
Testing for other stuff might make you feel good, or make your team think that the hiring process is really hard, so they must be very smart, but it will be incredibly damaging in the long run to your goals of getting the right people doing the right things. It’s critical that before you start rushing out to redesign your hiring process, you know—and make sure everyone internally is aligned with—what people need to know to do the job.
Once you’ve done that, the rest of the hiring process should center around two things: efficiency and testing the ability to do the job. From an efficiency perspective, developing screens that can be given over the phone or online can help you scale. From the “ability to do the job” perspective, developing screens that test the essential skills (and only the essential skills) makes sure that your selection process gets you people who can do the job, but who also view your selection process as fair and maybe even fun.
The process at LinkedIn begins with a quick phone screen given by the recruiter. The recruiter discusses the candidate’s availability and gives general information about the role and LinkedIn. He or she then asks seven questions with very simple answers, intended primarily to make sure that the candidate has at least some elementary knowledge in everything that is needed for the role. These questions were written to have as unambiguous an answer as possible, and to not require any technical knowledge on the part of the interviewer. One example question from our recruiter phone screen is “For each IP address I give you, tell me whether it is publicly-routable on the global internet or not.”
Once a candidate passes the recruiter screen, we’re confident that a conversation with an engineer has at least a good chance of being productive, so we schedule a coding-focused phone screen. We do this because the SRE role at LinkedIn involves both systems knowledge and development knowledge, so we need to make sure our candidates can produce code. We use Coderpad, but any collaborative typing system works for doing this. In the coding phone screen, we use a progressive method to ease the candidate into the right frame of mind for doing the coding, and to also let us bail out on the interview with some degree of grace if it’s clear the candidate can’t code. We start with a very elementary problem (run through a loop and print some things) and end with a task like one our SREs could be expected to do on any given day (connect to a RESTful API and retrieve some data, then process it.)
Once we’re confident the candidate can code enough to be successful, we advance the candidate to a more in-depth systems and architecture phone screen. Part of the reason for conducting so many phone screens instead of just bringing the candidates onsite is that an onsite is very expensive—both for us and for the candidate—so we want to feel confident that candidates we invite onsite will pass. The operations phone screen involves three questions, one about how systems work, one about performing a task at large scale, and a third about monitoring and alerting.
Once the candidate has cleared both engineering phone screens, we invite them to campus for a day. Possibly the most important piece of advice here is to try very hard to avoid repeating any of the activities you’ve already had the candidate do. In our case, we’ve had candidates write code, and we’ve had candidates discuss some low-level details about how UNIX-hosted network services work at scale. So, for our onsite interview, we ask them to do different things.
The signature task we have candidates for SRE perform in the onsite is an exercise called “Live Troubleshooting,” which is exactly what it sounds like: we give the candidate a laptop running a service that is broken in various ways and ask the candidate to fix it. It’s about as real a simulation as you can get for what a night on-call is like as an SRE.
SREs are also responsible for identifying the cause of incidents, so we have candidates go through a module where we ask them to do that. A sample alert dashboard is given to the candidate, and they have to triage the alerts and write status reports for their teammates and management about what went wrong and what they’re fixing based on the alerts they see.
Additionally, SREs must be able to produce code, but probably more importantly, they’re responsible for being able to read and understand code. To test this ability, we give our candidates a code review exercise, consisting of a few Pythonish pieces of code with several errors or poor design choices, and ask the candidates to conduct a code review on them, like they would with their co-workers.
One of the biggest benefits of our bar for SRE talent being so high is that SREs have a high level of trust and involvement in large-scale decisions, like how to architect a new service. Services at LinkedIn can handle millions of queries per second, so understanding how to architect a scalable, reliable service is key. We ask our candidates to design a service from the ground up to accomplish a simple task (like a link shortener or an image host.)
Finally, we need to make sure that candidates understand what it’s like being an SRE and how they work with others. To do this, we have the candidates speak with an SRE manager and have lunch with at least one other SRE. These opportunities let us learn more about the candidate in a less-structured environment and also give the candidate a chance to ask more questions about the role and the company.
You’ll notice what’s missing in our hiring process: trivia, whiteboard coding, in-depth kernel knowledge as an expectation, and other hoop-jumping exercises that don’t make people better SREs. We worked very hard to determine what the most essential skills are for the SRE role as it stands at LinkedIn, and structured our hiring process to give us the most possible information about a candidate’s likely performance in that role.
The lesson learned here is this: if your hiring process reflects the actual job, then you can tell a lot about how good a fit someone is for the role based on their reaction to the hiring process. If they hate being asked to do simulations of what they’ll actually do on the job, the candidate may realize that the job is a bad fit for them off the bat, saving you from a bad hire. Candidates have given us so much positive feedback about the process, including many who describe it as very hard, but fun. This is exactly the reaction we were hoping for.

Comments

Popular posts from this blog

CKA Simulator Kubernetes 1.22

  https://killer.sh Pre Setup Once you've gained access to your terminal it might be wise to spend ~1 minute to setup your environment. You could set these: alias k = kubectl                         # will already be pre-configured export do = "--dry-run=client -o yaml"     # k get pod x $do export now = "--force --grace-period 0"   # k delete pod x $now Vim To make vim use 2 spaces for a tab edit ~/.vimrc to contain: set tabstop=2 set expandtab set shiftwidth=2 More setup suggestions are in the tips section .     Question 1 | Contexts Task weight: 1%   You have access to multiple clusters from your main terminal through kubectl contexts. Write all those context names into /opt/course/1/contexts . Next write a command to display the current context into /opt/course/1/context_default_kubectl.sh , the command should use kubectl . Finally write a second command doing the same thing into ...

OWASP Top 10 Threats and Mitigations Exam - Single Select

Last updated 4 Aug 11 Course Title: OWASP Top 10 Threats and Mitigation Exam Questions - Single Select 1) Which of the following consequences is most likely to occur due to an injection attack? Spoofing Cross-site request forgery Denial of service   Correct Insecure direct object references 2) Your application is created using a language that does not support a clear distinction between code and data. Which vulnerability is most likely to occur in your application? Injection   Correct Insecure direct object references Failure to restrict URL access Insufficient transport layer protection 3) Which of the following scenarios is most likely to cause an injection attack? Unvalidated input is embedded in an instruction stream.   Correct Unvalidated input can be distinguished from valid instructions. A Web application does not validate a client’s access to a resource. A Web action performs an operation on behalf of the user without checkin...