All challenges
Most candidates spend 6–10 hours; take what you need.

Defensive Hardening & Observability

Design an observability and anomaly-detection layer that would catch a compromised or misbehaving production service fast.

The problem

Most services are instrumented for happy-path metrics (requests served, latency) but not for the signals that actually catch a compromised process — anomalous CPU/network patterns, unexpected outbound connections, a scheduled job suddenly doing something it never does.

The hard part is signal-to-noise: naive thresholds either miss real incidents or page someone every night for nothing. We want to see how you'd design detection that's both sensitive and trustworthy.

What to deliver

  • A design for an anomaly-detection and alerting layer for a production service of your choice (pick any realistic backend — a scheduled-job runner, a public API, a worker pool).
  • At least one concrete detection rule with your reasoning for the threshold and why it minimizes false positives without missing real incidents.
  • A least-privilege design for the service in question — what should it NOT be able to do, even if compromised?
  • A short incident-response runbook sketch: what would the first 15 minutes look like if your alert fired for real?

What a good submission looks like

  • Picks detection signals that are actually hard to fake or avoid, not just "CPU > 80%."
  • Explicitly reasons about alert fatigue — a system nobody trusts because it cries wolf is worse than no system.
  • Applies least-privilege thinking concretely (specific permissions/scopes removed), not as a vague principle.

We're evaluating

Anomaly detection designAlert signal-to-noiseLeast-privilege thinkingIncident response clarity

How to submit

  1. Build your solution, using any tools or stack you prefer.
  2. Write up your thinking — decisions made, tradeoffs, what you'd do with more time.
  3. Zip your code + write-up, name it yourname-defensive-hardening.zip.
  4. Email it to us — the button below pre-fills the subject and a template.