Went through McKinsey's onsite for a Senior SWE security-adjacent role in April. Here's an honest account, not a polished success story. I got the offer but it took until round two (they gave me a second chance after a mediocre behavioral round).
The onsite format: fully virtual in my case, four rounds across two days. Two technical (coding + system design), one behavioral, one with a senior stakeholder.
Day one: coding and system design back to back. The coding round was a modified medium-difficulty graph problem. Nothing crazy. The system design was the interesting one: I was asked to design an internal audit logging system that captures consultant activity across multiple platforms while preserving client confidentiality. Given my security background, I found this fun. I went into access controls, log integrity, retention policies. The interviewer seemed surprised in a good way.
Day two: behavioral and stakeholder rounds. The behavioral was the rough one for me. I'd prepped five STAR stories but the question I got didn't map cleanly to any of them ('Tell me about a time you had to say no to a high-priority request from a senior stakeholder'). I had to construct an answer semi-live and it came out clunky. I knew it wasn't great.
The stakeholder conversation (with a director-level person) was mostly about ambitions: where do I see myself in three years, how do I think about impact. Felt more like a culture fit check than a rigorous evaluation.
The debrief: they came back with 'strong yes on technical, mixed on behavioral, we'd like a follow-up conversation.' That follow-up was a 30-minute behavioral redo with a different interviewer. I passed it.
Two things I'd tell anyone going in: first, don't skip behavioral prep because you're confident technically. Second, the 'say no to a stakeholder' archetype of question comes up a lot. Have a real answer for it.