Applied for an AppSec role on the avionics software side. Figured I'd document this because I couldn't find good recent reports.
Total rounds: 5. Recruiter screen (30 min, mostly standard), then a take-home that was legitimately interesting, not a toy. They gave me a small embedded C codebase and asked me to find security issues and write up mitigations. No trick answers, they genuinely wanted to see how I think about threat surface in constrained environments.
Then three technical sessions back-to-back on a virtual onsite day. One was deep on secure coding in C/C++, one was systems design (designing audit logging for a safety-critical system, which is not a typical interview question), and one was behavioral with a senior director.
The behavioral round was the most intense one. The director wanted to know about a time I'd flagged a security issue that nobody wanted to hear about. He pushed hard on what I actually did when the team pushed back. He wasn't looking for a story where I won. He wanted to see if I'd hold the line when it mattered.
Offer came 8 days after the onsite. Took it. The salary was slightly below what I could have gotten elsewhere, but the problem space is genuinely unlike anything in normal tech.