The "employee access to customer data isn't protected" sits as unsolved an opportunity canvas/brief in almost every SaaS company. You can get to a fair amount of controls with little to no code and only with process changes (aka SoC and ISO certifications), which is also what SaaS security teams spend quite a bit of time on. There are a fair amount of problems to be solved here.
Hey there, I work on the infra team at Contentful and wanted to expand on the caching. Polling AWS Secrets Manager often can incur considerable costs since it is priced by API calls. We've tried to alleviate this by caching the list of secrets and their values in the process.
I have a different take: Nothing really wrong with gaming the system. If someone has successfully "gamed" the interview but not effective at their role, then the interview isn't testing the candidate for the role and sounds like a broken interview loop.