Did the Citi ICG Tech virtual onsite last month for a senior AppSec role. It was four rounds back to back over half a day. Going to be specific because vague posts are useless.
Round 1: Technical / Coding (45 min)
One medium LC problem (sliding window variant) plus some follow-up questions about time and space complexity. The follow-ups were genuine, not gotchas. They asked how I'd adapt the solution if the input were a stream rather than a fixed array. Real systems question dressed as a LC follow-up.
Round 2: System Design (60 min)
Already covered this in other posts but mine was specifically about designing a secrets management service. Made sense given my AppSec background. I suspect they tailor the problem to your background, at least partly. If they know you're a fintech backend person you'll probably get a payments or transaction system problem.
Round 3: Behavioral (45 min)
Two interviewers. They rotated questions. Heavy emphasis on collaboration and 'tell me about a time you influenced without authority.' They asked about a time I escalated a security risk and what the outcome was. Felt like they were specifically looking for people who don't bury problems.
Round 4: Hiring Manager (30 min)
Mostly conversational. He asked what I was looking for from the team, where I wanted to be in 3 years, and whether I had questions. He was straightforward, no tricks. I got the sense he'd already read the other interviewers' feedback and was mostly validating fit.
Debrief timing: offer came back 8 business days after the onsite. They said 5-7 but it slipped a little. Not unusual.
One thing nobody told me: they use a structured scoring sheet. The hiring manager mentioned it offhand. Your interviewers are scoring you on specific dimensions, not just vibing. That means concrete examples beat vague answers every time, even in the HM round.