Lead Application Security Engineer
Location: San Francisco, California, US
Area of Interest: Engineer - Software
Technology Interest: Cloud and Data Center
Who We Are
Cisco Cloud Security Group is at the forefront of developing cloud-delivered security to meet the needs and challenges of our customers. With annual revenue exceeding $200M, it is one of the fastest-growing businesses at Cisco. As Cisco aggressively transforms its business model toward software and recurring revenue, our cloud security business is leading this journey with 100%+ YoY growth in software recurring revenue.
What We Do
The Cloud Security group focuses on developing solutions that provide Security as a Service to our customers. Our vision is to build the most comprehensive security solutions that are both easy to deploy and simple to manage. We are at the initial stages of this journey and are looking for passionate and innovative engineers to help realize this vision. The notion of traditional perimeter-based security is being disrupted. Since users, apps, and infrastructure have all moved to the cloud, security must too. Welcome to the team of geeks passionate about solving this very problem and making the world a better place by making it a secure place.
We have a highly scalable cloud infrastructure spread across 25 data centers where we run our cloud security applications that operate at massive scale - 100B+ requests per day from 65M daily active users.
What You’ll Do
We are looking for a Lead Application Security Engineer who will be responsible for defining and maintaining consistent Secure Software Development Lifecycle practices for a distributed global engineering team. You will build a centralized group of application security engineers and forge partnerships with security engineers embedded in engineering.
Roles and Responsibilities:
- Define consistent Secure Software Development Lifecycle practices for Cisco Cloud Security and an engagement model with Cisco Cloud Security Engineering teams
- Define a framework for security design reviews and represent security on the architecture review board
- Manage cross-functional internal and external team collaboration, evangelization, and communications
- Lead design security reviews and mentor colleagues with your expertise and knowledge
- Help to develop relevant application security training for Engineering
- Improve secure coding practices, application security requirements, automation, training, and metrics
- Integrate threat modeling practices into the Software Development Lifecycle
- Help to define our penetration testing strategy
- Maintain an active understanding of industry practices for secure software development and incident response
Who You Are
You have extensive experience in building and managing application security programs at native cloud companies. You have successfully established relationships with Engineering based on collaboration, empathy, and pursuit of excellence.
- 5+ years of security engineering experience and 3+ years of experience in both management and a cloud-production environment
- Solid understanding of application security, especially web application security
- Significant experience in cloud security architecture and infrastructure
- Hands-on knowledge of information security technologies such as security design review, threat modeling, risk analysis, and software testing techniques
- In-depth knowledge of OWASP Top 10 and CWE 25, with a proven track record and expertise in implementing and integrating remediation strategies
- Familiarity with microservice architecture, Jenkins, Docker, Kubernetes, AWS
- Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment
- Experience in web application design, penetration testing, application risk assessment and risk categorization
- Experience with SAST, DAST, IAST, SCA and fuzz testing tools
- Experience with driving and implementing secure development practices into the SDLC (SSDLC); ability to successfully integrate security in a DevOps environment
- Ability to effectively present and communicate security threats and risks to any audience and impress upon them the mitigation techniques and strategies
- Familiarity with compliance frameworks (NIST 800-53)
- Mid-level experience with Bachelor's degree or experience with Master's degree in Computer Science, Mathematics, Physics, or equivalent
We connect everything: people, processes, data, and things. We innovate everywhere, taking bold risks to shape the technologies that give us smart cities, connected cars, and handheld hospitals. And we do it in style with unique personalities who aren't afraid to change the way the world works, lives, plays, and learns.
Why Cisco Cloud Security
Cisco Cloud Security enables you to securely adopt the cloud and better manage security for the way the world works today. It protects users against threats anywhere they access the internet and secures your data and applications in the cloud. You can also leverage the cloud to enhance security through simplified policy management and dynamic threat intelligence. With Cisco Cloud Security, you gain complete visibility into internet activity across cloud applications, all office locations, and roaming devices, plus faster threat detection and response. Cisco Cloud Security provides an effective security platform that is open, automated, and simple to use. And it’s backed by industry-leading threat information delivered by the Cisco Talos security intelligence and research group.
We Are Cisco!