What to Expect in the Wiz System Design Interview

Wiz's system design interview draws on one of the more distinctive platforms in enterprise software: an agentless cloud-security system that connects to customers' AWS, Azure, and GCP accounts via APIs, inventories everything (compute, storage, identities, network paths, secrets), and assembles it into the Security Graph, where the product's signature analysis happens: finding toxic combinations, chains of individually modest issues that compose into critical attack paths. Design prompts orbit that machinery: ingestion at billions-of-resources scale, graph storage and query, prioritization pipelines, and multi-tenancy where the tenants are security-sensitive enterprises and the data is the map of their weaknesses.

Post-acquisition context matters here too: Wiz's multicloud commitment inside Google Cloud makes provider-agnostic design (clean abstractions over three clouds' APIs) not just good engineering but company strategy.

The Question Territory

  • Design the cloud inventory and ingestion pipeline. Connect to a customer's cloud accounts (API-only, no agents), enumerate all resources and configurations across providers, keep the picture fresh against constant change, and do it within provider rate limits. Probes: full-scan versus event-driven incremental updates, rate-limit budgeting, and normalizing three providers' wildly different resource models.
  • Design the Security Graph. Store hundreds of millions of nodes (resources, identities, permissions, network paths) per large tenant, support the queries that find attack paths ("internet-exposed VM with a role that can read the crown-jewel bucket"), and keep query latency interactive for the console. The graph-modeling and traversal-at-scale conversation is the house specialty.
  • Design the risk prioritization engine. Turn millions of findings into a ranked queue humans can act on: toxic-combination detection (multi-hop graph patterns), severity scoring with customer context, deduplication, and the noise problem that defines the security-tooling industry.
  • Design multi-tenant isolation for a security platform. The stakes inversion: your customers' data is a map of their vulnerabilities. Tenant isolation, credential handling for customer cloud access (the platform holds keys to everything), and blast-radius thinking about the platform itself as a target.
  • Design scan scheduling and freshness. Millions of accounts, varied change velocities, provider rate limits, and the freshness-versus-cost curve: what must be near-real-time (new public exposure) versus daily (config drift in dev accounts).

What Interviewers Are Probing

  1. API-constrained ingestion realism. The agentless model means living inside cloud providers' APIs: pagination, rate limits, eventual consistency, and permission scopes. Candidates who design cheerful unlimited-throughput crawlers reveal unfamiliarity; candidates who budget API calls like money fit the domain.
  2. Graph thinking at scale. The toxic-combination idea is multi-hop graph query at hundreds-of-millions-of-nodes scale: precompute versus query-time traversal, incremental graph updates as resources change, and indexing for the hot patterns. You need graph-store literacy (property graphs, adjacency modeling, traversal costs), not a specific product's syntax.
  3. The noise-to-signal obsession. Security tools die by alert fatigue; Wiz won partly by prioritization. Designs that treat ranking, deduplication, and context (is this bucket actually reachable? does it actually contain sensitive data?) as core architecture, not post-processing, match the product thesis.
  4. Security-of-the-security-platform instincts. Handling customer cloud credentials, least-privilege access patterns, per-tenant encryption, and honest reasoning about the platform as a high-value target. Raising this unprompted is a strong domain signal.
  5. Multicloud abstraction judgment. Where to normalize (a common resource model for analysis) versus preserve provider fidelity (the details attacks actually exploit): the tension is real and interviewers probe whether you feel it.

Walkthrough Sketch: The Ingestion Pipeline and Graph Refresh

Requirements first: a large tenant has, say, 50 cloud accounts across three providers with tens of millions of resources; the security picture must reflect critical changes (new public exposure, new admin grant) within minutes and everything else within hours; and provider API rate limits are hard constraints per account. Architect in two planes and say why: a snapshot plane (periodic full enumeration per account for completeness, because event streams miss things) and an event plane (provider change feeds: CloudTrail-style events, driving targeted re-scans for freshness), reconciled so the graph converges even when events are lost.

Ingestion workers are per-provider adapters normalizing into a common resource model, with per-account rate budgets enforced by token buckets and scan schedulers that spend the budget by risk: identity and network-exposure resources re-enumerate hourly, inert storage metadata daily. Everything lands in a staging store, then diffs against the current graph: only changes propagate, which keeps graph writes tractable. The graph itself: nodes for resources, identities, and network endpoints; edges for permissions, trust, and reachability; partitioned by tenant (hard isolation, per-tenant encryption keys) and updated incrementally with the diff stream. Toxic-combination detection runs as materialized pattern queries: the known dangerous patterns (public exposure + privilege path + sensitive data) precompute incrementally as edges change, with alert-on-transition semantics so customers hear when a path opens, not on every scan. Failure and trust handling close it: a provider API outage degrades freshness visibly (per-account staleness surfaced in the console, never silently stale), credential handling uses short-lived scoped tokens per scan with an audited broker, and the reconciliation between snapshot and event planes is itself monitored, because the worst failure in this product is confident incompleteness: telling a customer they are safe on a partial picture.

How to Prepare

For the full loop, see What is the Wiz interview process like?, and prepare the culture dimension with Top Wiz behavioral interview questions and your answer to "Why Wiz?"

TAGS
System Design Interview
System Design Fundamentals
CONTRIBUTOR
Arslan Ahmad
Arslan Ahmad
ex-FAANG engineering manager and author or Grokking series.
-

GET YOUR FREE

Coding Questions Catalog

Design Gurus Newsletter - Latest from our Blog
Boost your coding skills with our essential coding questions catalog.
Take a step towards a better tech career now!
Explore Answers
What is problem analysis in software engineering?
Example System Design Interview: Designing a Real-Time Chat Application
Experimenting with different coding styles to find personal fit
What Is Saga Pattern?
Learn what the Saga pattern is in microservices, when to use it, examples, trade-offs, and interview tips. Perfect for system design interview prep.
Why is it called Amazon?
What Is the Discord Interview Process Like? (Round by Round)
Discord's loop is anchored by its build-a-service round (the TCP chat server is real), with a full-day panel covering Values, Attitude, Coding, and Architecture. Structure and preparation.
Related Courses
Grokking the Coding Interview: Patterns for Coding Questions course cover
Grokking the Coding Interview: Patterns for Coding Questions
The 24 essential patterns behind every coding interview question. Available in Java, Python, JavaScript, C++, C#, and Go. The most comprehensive coding interview course with 543 lessons. A smarter alternative to grinding LeetCode.
4.6
Discounted price for Your Region

$197

Grokking Modern AI Fundamentals course cover
Grokking Modern AI Fundamentals
Master the fundamentals of AI today to lead the tech revolution of tomorrow.
3.9
Discounted price for Your Region

$72

Grokking Data Structures & Algorithms for Coding Interviews course cover
Grokking Data Structures & Algorithms for Coding Interviews
Unlock Coding Interview Success: Dive Deep into Data Structures and Algorithms.
4
Discounted price for Your Region

$78

Design Gurus logo
One-Stop Portal For Tech Interviews.
Copyright © 2026 Design Gurus, LLC. All rights reserved.