AppSec Jobs

Cisco

Application Security Engineer

Hybrid
Durham, NC
Posted 4 days ago
$128,400.00 - $172,300.00 (U.S. and Canada); New York City Metro Area: $158,800.00 - $237,400.00; Non-Metro New York state & Washington state: $137,700.00 - $211,100.00

At a Glance

6+ years experience, AWS, Azure, GCP, Kubernetes, CI/CD

About This Role

Join Cisco's Enterprise AI team, the core group enabling Generative AI powered experiences across Cisco. Our mission is to build secure, scalable AI platforms that empower teams to safely develop, deploy, and operationalize AI-powered solutions. We operate at the intersection of applied AI, cloud infrastructure and security, partnering across engineering, security, compliance, and product teams to bring trusted AI to life at enterprise scale. We are a fast-growing, highly collaborative team of platform engineers, AI engineers, and data scientists who value technical depth, ownership, and pragmatic execution. What makes this team exciting is the opportunity to define how secure Generative AI is built and governed inside a global technology leader.

Responsibilities

  • Embed security into the Secure SDLC by defining and implementing guardrails across design, development, testing, and deployment phases
  • Integrate and optimize application security tooling, including SAST, DAST, SCA, and secrets scanning, within CI/CD pipelines to proactively identify and remediate vulnerabilities
  • Lead threat modeling and secure design reviews for cloud-native and microservices-based applications
  • Drive container and Kubernetes security practices, including image hardening, vulnerability management, and runtime controls
  • Define and enforce API security standards, including authentication, authorization, rate limiting, and protection against common API threats
  • Partner with engineering teams to triage, prioritize, and remediate security findings, improving overall security posture and developer experience
  • Establish secure coding standards and provide guidance on common vulnerabilities (e.g., OWASP Top 10) and remediation best practices
  • Enhance software supply chain security through dependency management, artifact integrity, and build pipeline protections

Requirements

GCP, Azure, AWS, CI/CD, Kubernetes, CISSP
  • Bachelor's degree in Computer Science, Information Security, or related field with 6+ years of experience in cybersecurity or cloud security engineering
  • 3+ years of hands-on experience securing GCP, Azure, or AWS environments in production enterprise environments
  • Experience integrating security controls into CI/CD pipelines and Kubernetes environments, including container image hardening, vulnerability scanning, image signing, and runtime policy enforcement
  • Experience securing AI/ML workloads and Generative AI systems, including model, data, and inference endpoint protection
  • Cybersecurity background and operational experience (preferred)
  • Certifications from ISC2 (e.g., CISSP, CCSP) or ISACA (e.g., SSCP, CC, CISA, CISM) (preferred)
  • Experience designing and managing IAM, encryption, and network security controls (preferred)

Benefits & Perks

Medical, dental and vision insurance
401(k) plan with a Cisco matching contribution
Paid parental leave
Short and long-term disability coverage
Basic life insurance
10 paid holidays per full calendar year, plus 1 floating holiday for non-exempt employees
1 paid day off for employee's birthday, paid year-end holiday shutdown, and 4 paid days off for personal wellness
16 days of paid vacation time per full calendar year for non-exempt employees (accrued at rate of 4.92 hours per pay period)
Flexible vacation time off program for exempt employees
80 hours of sick time off provided on hire date and each January 1st thereafter
Optional 10 paid days per full calendar year to volunteer
Annual bonuses for non-sales roles
Eligible to receive grants of Cisco restricted stock units

About Cisco

Cisco Systems, founded in 1984 by Leonard Bosack and Sandy Lerner, is a global leader in networking hardware and technology solutions. Based in San Jose, California, Cisco has significantly influenced modern internet infrastructure by providing essential products that enable secure and reliable communication for businesses and organizations worldwide. The company offers a wide range of networking technologies, including routers, switches, and wireless systems, which are vital for enterprise and service provider networks. Cisco also provides advanced data center products, cybersecurity solutions, and collaboration tools like WebEx and Cisco Jabber. Additionally, its Internet of Things (IoT) platforms help organizations collect and analyze real-time data to enhance operational efficiency. Cisco serves a diverse clientele, including small businesses, large enterprises, government agencies, and educational institutions, supporting critical infrastructure across various industries. With annual revenues exceeding $53 billion as of 2024, Cisco remains a leader in networking technology and digital transformation.

Industry

information technology & services

Employees

91,000

36,594 engineers

Revenue

$57B


Security at Cisco

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Cisco's application security philosophy emphasizes an 'application-first' approach, integrating security throughout the entire application lifecycle and across public cloud, hybrid, and on-premises environments.
  • This involves bringing development, operations, and security teams together, promoting DevSecOps best practices, and achieving security through automation.
  • The goal is to have continuous security that adapts as applications change, providing greater insight and control by bringing security closer to the applications.
  • Full-Stack Observability is utilized to break down silos and secure applications by correlating real-time telemetry.

Security Team

Information regarding the AppSec team's organizational structure, reporting lines, and estimated team size is not publicly available. Public statements by named AppSec leaders describing team philosophy or workflows were also not found to meet strict quote requirements. However, a job posting for a Lead AppSec Engineer indicates responsibilities such as designing and implementing solutions for integrating security services into CI/CD pipelines, and requiring coding skills in Ruby or Python.

Key Initiatives

Cisco's initiatives include designing and implementing solutions for integrating security services into CI/CD pipelines, reflecting a 'shift left' approach. Security is integrated throughout the software development lifecycle. Additionally, there is a focus on AI application security, which involves continually scanning AI applications for vulnerabilities and using AI application firewalls to block malicious requests. Information regarding a Security Champions Program or explicit vulnerability triage SLAs, MTTRs, or ticket ownership statements is not publicly available.
