28 days old

Application Security Engineer

Cisco Systems Inc.
San Francisco, CA 94102
Apply Now
Apply on the Company Site
Who We Are

Cisco Cloud Security Group is at the forefront of developing cloud-delivered security needs and challenges of our customers. With annual revenue exceeding $200M, it is one of the fastest-growing businesses at Cisco. As Cisco is transforming its business model aggressively to software and recurring revenue model, our cloud security business is leading this journey with 100%+ YoY growth in software recurring revenue.

What We Do

The Cloud Security group focuses on developing solutions that provide Security as a Service to our customers. Our vision is to build the most comprehensive security solutions that are both easy to deploy and simple to manage. We are at the initial stages of this journey and looking for passionate and innovative engineers to help realize this vision. The notion of traditional perimeter-based security is being disrupted. Since users, apps, and infrastructure have all moved to the cloud, security must too. Welcome to the team of geeks passionate about solving this very problem and making the world a better place by making it a secure place.

We have a highly scalable cloud infrastructure spread across 25 data centers where we run our cloud security applications that operate at massive scale - 100B+ requests per day from 65M daily active users.

What Youll Do
We are looking for a Lead Application Security Engineer, who will be responsible for defining and maintaining consistent Secure Software Development Life-cycle practices for all a distributed global engineering team. You will build a centralized team of application security engineers and forge partnerships with security engineers embedded in engineering. 

  Roles and Responsibilities: 

  • Help define consistent Secure Software Development Life-cycle practices for Cisco Cloud Security  
  • Help define engagement model with Cisco Cloud Security Engineering teams 
  • Improve secure coding practices, application security requirements, automation, training, and metrics 
  • Define a framework for security design reviews 
  • Integrate threat modelling practices into the Software Development Lifecycle 
  • Help to define our penetration testing strategy 
  • Help to develop relevant application security training for Engineering 
  • Manage cross-functional internal and external team collaboration, evangelization, and communications 
  • Lead and mentor colleagues with your expertise and knowledge. 
  • Maintain active understanding of industry practices for secure software development and incident response 

Who You Are

  • Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies 
  • Experience with SAST, DAST, IAST, SCA and fuzz testing tools 
  • Familiarity with microservice architecture, Jenkins, Docker, Kubernetes, AWS 
  • Hands on experience with Software Development Golang, Java / C# / C++, JavaScript and HTML,  
  • Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment 
  • Experience in web application design, penetration testing, application risk assessment and risk categorization 
  • Experience with driving and implementing secure development practices in to SDLC (SSDLC); ability to successfully integrate security in a DevOps environment 
  • Ability to effectively present and communicate security threats and risks to any audience and impress upon them the mitigation techniques and strategies

Familiarity with compliance frameworks (NIST800-53)

  • Mid-level experience with Bachelor's degree or experience with Master's degree in Computer Science, Mathematics, Physics, or equivalent 
Why Cisco
We connect everything: people, processes, data, and things. We innovate everywhere, taking bold risks to shape the technologies that give us smart cities, connected cars, and handheld hospitals. And we do it in style with unique personalities who aren't afraid to change the way the world works, lives, plays, and learns.  
Why Cisco Cloud Security

Cisco Cloud Security enables you to securely adopt the cloud and better manage security for the way the world works today. It protects users against threats anywhere they access the internet and secures your data and applications in the cloud. You can also leverage the cloud to enhance security through simplified policy management and dynamic threat intelligence. With Cisco Cloud Security, you gain complete visibility into internet activity across cloud applications, all office locations, and roaming devices, plus faster threat detection and response. Cisco Cloud Security provides an effective security platform that is open, automated, and simple to use. And its backed by industry-leading threat information delivered by the Cisco Talos security intelligence and research group. 
We Are Cisco!




Posted: 2020-03-02 Expires: 2020-04-02

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Application Security Engineer

Cisco Systems Inc.
San Francisco, CA 94102
Facebook Share
Copy Job URL

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast