Cisco
Product Security Technical Leader - Embedded / Firmware Security
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Cisco
Cisco Systems, founded in 1984 by Leonard Bosack and Sandy Lerner, is a global leader in networking hardware and technology solutions. Based in San Jose, California, Cisco has significantly influenced modern internet infrastructure by providing essential products that enable secure and reliable communication for businesses and organizations worldwide. The company offers a wide range of networking technologies, including routers, switches, and wireless systems, which are vital for enterprise and service provider networks. Cisco also provides advanced data center products, cybersecurity solutions, and collaboration tools like WebEx and Cisco Jabber. Additionally, its Internet of Things (IoT) platforms help organizations collect and analyze real-time data to enhance operational efficiency. Cisco serves a diverse clientele, including small businesses, large enterprises, government agencies, and educational institutions, supporting critical infrastructure across various industries. With annual revenues exceeding $53 billion as of 2024, Cisco remains a leader in networking technology and digital transformation.
Security at Cisco
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Cisco's application security philosophy emphasizes an 'application-first' approach, integrating security throughout the entire application lifecycle and across public cloud, hybrid, and on-premises environments.
- This involves bringing development, operations, and security teams together, promoting DevSecOps best practices, and achieving security through automation.
- The goal is to have continuous security that adapts as applications change, providing greater insight and control by bringing security closer to the applications.
- Full-Stack Observability is utilized to break down silos and secure applications by correlating real-time telemetry.
Security Team
Information regarding the AppSec team's organizational structure, reporting lines, and estimated team size is not publicly available. Public statements by named AppSec leaders describing team philosophy or workflows were also not found to meet strict quote requirements. However, a job posting for a Lead AppSec Engineer indicates responsibilities such as designing and implementing solutions for integrating security services into CI/CD pipelines, and requiring coding skills in Ruby or Python.
Key Initiatives
Cisco's initiatives include designing and implementing solutions for integrating security services into CI/CD pipelines, reflecting a 'shift left' approach. Security is integrated throughout the software development lifecycle. Additionally, there is a focus on AI application security, which involves continually scanning AI applications for vulnerabilities and using AI application firewalls to block malicious requests. Information regarding a Security Champions Program or explicit vulnerability triage SLAs, MTTRs, or ticket ownership statements is not publicly available.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.