Software Engineer Interview Questions
Technical, system design, behavioral, and culture fit questions. Each includes what good answers look like and follow-up questions to dig deeper.
Whether you're a hiring manager conducting your first engineering hire or an experienced recruiter, structured interviews lead to better outcomes. Research from Google's Project Oxygen shows that structured interviews are one of the most effective predictors of job performance. Combine these questions with behavioral interview questions for a complete assessment.
A stack is LIFO (last in, first out) like a stack of plates. A queue is FIFO (first in, first out) like a line at a store. Use stacks for undo operations, recursion, and parsing. Use queues for scheduling, breadth-first search, and handling requests in order.
Follow-up
- →How would you implement a queue using two stacks?
- →What's the time complexity of operations on each?
SQL databases are relational—structured tables with defined schemas, great for complex queries and transactions. NoSQL databases are flexible—document, key-value, or graph-based, ideal for unstructured data and horizontal scaling. Choose SQL for data integrity needs, NoSQL for flexibility and scale.
Follow-up
- →When would you use MongoDB over PostgreSQL?
- →How do you handle transactions in NoSQL?
DNS lookup finds the IP address. Browser opens a TCP connection (and TLS handshake for HTTPS). Sends HTTP request. Server processes and returns response. Browser parses HTML, fetches additional resources, builds DOM, applies CSS, executes JavaScript, renders the page.
Follow-up
- →How does caching affect this?
- →What's the role of CDNs?
Processes have separate memory spaces and are isolated—one crashing doesn't affect others. Threads share memory within a process, making them lighter but requiring synchronization. Use processes for isolation, threads for parallelizing work within an app.
Follow-up
- →What problems can arise from shared memory?
- →When would you choose multiprocessing over multithreading?
First, analyze with EXPLAIN to understand the execution plan. Check for missing indexes on WHERE and JOIN columns. Look for N+1 queries. Consider denormalization for read-heavy data. Add caching for frequently accessed data. Only optimize after measuring.
Follow-up
- →When can indexes hurt performance?
- →How do you decide what to cache?
REST uses HTTP methods semantically: GET (read), POST (create), PUT/PATCH (update), DELETE (remove). URLs represent resources (/users/123). Stateless requests. Proper status codes (200, 404, 500). HATEOAS for discoverability. Versioning for backwards compatibility.
Follow-up
- →What's the difference between PUT and PATCH?
- →How do you handle authentication?
Big O describes how algorithm performance scales with input size. O(1) is constant—hash lookup. O(n) is linear—searching unsorted list. O(log n) is logarithmic—binary search. O(n²) is quadratic—nested loops. Focus on the dominant term for large inputs.
Follow-up
- →What's the complexity of quicksort?
- →When does constant factor matter more than Big O?
Instead of creating dependencies inside a class, you pass them in from outside. This makes code testable (you can inject mocks), flexible (swap implementations), and loosely coupled. Common in frameworks like Spring, Angular, and most DI containers.
Follow-up
- →What are the downsides of DI?
- →How does this improve testability?
Authentication verifies identity—who you are. Authorization checks permissions—what you can do. Auth happens first (login), then authz for each action. Common patterns: JWT tokens for auth, role-based access control (RBAC) for authz.
Follow-up
- →How do you store JWT tokens securely?
- →What is OAuth and when would you use it?
When the outcome depends on timing of operations that should be atomic. Example: two threads reading a counter, incrementing, and writing back—both might read 5 and write 6 instead of 7. Prevent with locks, atomic operations, or immutable data.
Follow-up
- →How do you debug a race condition?
- →What's the difference between a mutex and semaphore?
Generate unique short codes (base62 encoding of auto-increment ID or random string with collision check). Store mapping in database. Redirect by looking up full URL. Scale with read replicas and caching (URLs rarely change). Consider analytics, expiration, and abuse prevention.
Follow-up
- →How do you handle 1 billion URLs?
- →How do you prevent malicious links?
Token bucket or sliding window algorithm. Track requests per user/IP in Redis with TTL. Return 429 when limit exceeded. Consider: per-endpoint limits, burst allowance, distributed counting, and graceful degradation.
Follow-up
- →How do you rate limit across multiple servers?
- →How do you handle legitimate traffic spikes?
WebSockets for real-time bidirectional communication. Message queue for delivery guarantees. Database for persistence and history. Presence service for online status. Push notifications for offline users. Consider message ordering, read receipts, and scaling WebSocket connections.
Follow-up
- →How do you ensure messages arrive in order?
- →How do you handle millions of concurrent connections?
Queue incoming notification requests. Worker processes route to appropriate channel (email, SMS, push). Template engine for message formatting. User preferences for channel and frequency. Deduplication to prevent spam. Delivery tracking and retry logic.
Follow-up
- →How do you prevent notification fatigue?
- →How do you handle provider failures?
Two approaches: Push (fan-out on write)—precompute feeds when posts are created. Pull (fan-out on read)—compute feed on request. Hybrid works best: push for most users, pull for celebrities. Cache hot feeds. Rank by relevance or chronologically.
Follow-up
- →How do you handle users with millions of followers?
- →How do you balance recency vs relevance?
Look for: Did they voice concerns respectfully? Did they gather data to support their position? Could they commit once a decision was made? Red flag if they can't give an example or blame others. Great answers show they can disagree, then fully support the team's choice.
Follow-up
- →What was the outcome?
- →Would you handle it differently now?
Look for: Structured learning approach. Resourcefulness in finding information. Practical application to cement knowledge. Self-awareness about knowledge gaps. Strong candidates show they can be productive quickly without knowing everything.
Follow-up
- →What resources do you typically use?
- →How do you know when you've learned enough?
Look for: Ownership without excessive blame. Quick action to mitigate impact. Clear communication with stakeholders. Systemic fixes to prevent recurrence. Red flag if they claim never to have made one or minimize their role.
Follow-up
- →What did you do immediately after discovering it?
- →What processes changed as a result?
Look for: Framework for prioritization (impact, urgency). Communication with stakeholders about tradeoffs. Willingness to push back when necessary. Ability to delegate or ask for help. Red flag if they always say yes without negotiation.
Follow-up
- →Give me a specific example.
- →How do you communicate delays?
Look for: Empathy and attempt to understand their perspective. Focus on outcomes over personalities. Direct but professional communication. Escalation only when necessary. Red flag if they only blame the other person.
Follow-up
- →What did you learn from it?
- →Did the relationship improve?
Use this to assess alignment with your actual work. No wrong answer—but mismatch predicts unhappiness. Probe for self-awareness about preferences. Great candidates can articulate why and adapt when needed.
Follow-up
- →How do you handle projects that don't excite you?
- →What would make this role exciting?
Look for: Context-dependent thinking. Understanding that 'it depends' on stakes and reversibility. Ability to articulate tradeoffs to stakeholders. Recognition that perfect is the enemy of good. Red flag if they're rigid either way.
Follow-up
- →Give an example where you chose speed.
- →How do you communicate technical debt?
Look for: Balance of thoroughness and respect. Focus on important issues over nitpicks. Teaching mindset. Openness to receiving feedback. Understanding that reviews catch issues and spread knowledge.
Follow-up
- →What do you look for first?
- →How do you give feedback on a PR you disagree with?
Look for: Investment in others' growth. Patience and adapted approach. Specific examples of how they helped. Understanding that mentoring benefits both parties. Not everyone has formal mentoring experience—side project guidance counts.
Follow-up
- →What was challenging about it?
- →What did you learn?
Quality of questions reveals preparation and priorities. Great questions: about team challenges, growth opportunities, engineering culture, product direction. Red flags: no questions, or only about perks and hours.
Resources & Further Reading
Internal Resources
- 60 Behavioral Interview Questions
Assess leadership and culture fit
- How to Hire Your First Engineer
Complete hiring process guide
- How to Write Job Descriptions
Attract better candidates
- AI Interview Features
Automate consistent screening
External Resources
- Google re:Work - Structured Interviewing
Research-backed interview methods
- SHRM Talent Acquisition
HR industry best practices
- Stack Overflow Developer Survey
Industry trends and salary data
- Bureau of Labor Statistics
Official employment projections
Let AI conduct these interviews
Prepzo's AI interviews ask consistent questions and provide detailed scorecards for every candidate.
Try free