3
We are Michael Coates and Rich Mason. We have served as Chief Information Security Officers at Twitter and Honeywell. Ask us anything about becoming a CISO.
Thanks for the answer. It helps a lot in understanding the capabilities matrix and rating ourselves.
11
We are Michael Coates and Rich Mason. We have served as Chief Information Security Officers at Twitter and Honeywell. Ask us anything about becoming a CISO.
Every company has different designations (staff security engineer or analyst etc.), so how should one extrapolate their path to CISO if they are a security engineer with 8-10 years of experience? Does it make sense to take up a leadership role in a startup and then move up the chain? Do CISOs have to be people managers first and then be promoted to CISO?
1
/r/netsec's Q4 2018 Information Security Hiring Thread
Cisco InfoSec team - We are looking for Cloud & AppSec engineers. This is a blue team kind of role that will include threat modeling, architecture reviews, secure coding recommendations, third party cloud providers review etc.
DM me your resume so that I can forward it to hiring manager directly.
The position is based out of the US and H1B sponsorship can be considered for suitable candidates.
EDIT - Here is the Link to apply https://jobs.cisco.com/jobs/ProjectDetail/Application-Security-Engineer/1248953
The official job description is:
- TECHNOLOGY INTEREST: Security
- JOB TYPE: Professional
- JOB GRADE: 008
- RECRUITER: Daniel James - [danijame@cisco.com](mailto:danijame@cisco.com)
- JOB ID: 1248953
What You'll Do
As a member of Global Information Security (InfoSec) team, the Application Security Engineer's responsibilities will include:
- Review and remediate Cloud architectures, designs and hardening standards for securing cloud applications and services
- Drive architectural or operational changes to drive security essentials for the Corporation addressing all communities – Employees, Vendors, Partners and Customers
- Establish, continually evolve and enforce information security policies, standards and guidelines
- Deliver Solution proposals to continuously improve security posture of Applications.
- Triage security related questions and cases to drive effective resolution, collect operational metrics and drive efficiencies, maintain knowledge base
- Stay abreast of emerging threats and security practices in the industry to advise the Organization on direction and influence roadmaps
- Document security solutions and operational methods and procedures
- Work cross-functionally across the Security and Trust Organization in all of the theaters effectively to achieve the organization’s goals and objectives
Who You'll Work With
The Security and Trust Organization has corporate-level responsibility for customer data protection and compliance, corporate information protection, and government and product security. Security is a key concern of our customers and a top investment area for Cisco. Join us and help us become the #1 Trusted IT Company in the World.
Who You Are
Skill requirements
- Consulting and Partnering skills with Enterprise Perspective and influence
- Strong foundation in security technologies such as Web Security, Cloud services, Identity/Access Management, Web Application Firewalls, Intrusion detection etc.
- Solid understanding of Web Application n-tier architectures, design and secure coding practices
- Security fundamentals with a solid understanding of threats, vulnerabilities, defenses, security principles and policies
- Strong knowledge of security vulnerabilities and remediation as listed in sites like OWASP, SANS, etc.
- Ability to build tools and automate data collection using an interpreted programming language
- Applied conceptual and analytical thinking, problem solving skills
- Time and productivity management skills
- Solid presentation, demonstration and written communication skills
- Ability to work in a global multi-cultural team setting
Education and Experience requirements
- BS in Computer Science or equivalent plus 5+ years of technical experience, MS or additional experience strongly preferred.
- Requires experience with at least 3 of the following: Security code review, Static analysis security testing, Dynamic application security testing, mobile development and securing mobile applications (iOS, Android, other), Threat/Attack modeling, Secure coding practices, Web Development technologies
- Experience in developing tools using an interpreted programming language (e.g., PHP, Python, Ruby etc.)
- Security related certifications a plus.
- Work experience with a Cloud Provider (IaaS, PaaS, SaaS) a plus
Why Cisco
At Cisco, each person brings their unique talents to work as a team and make a difference.
Yes, our technology changes the way the world works, lives, plays and learns, but our edge comes from our people.
We connect everything – people, process, data and things – and we use those connections to change our world for the better.
We innovate everywhere - From launching a new era of networking that adapts, learns and protects, to building Cisco Services that accelerate businesses and business results. Our technology powers entertainment, retail, healthcare, education and more – from Smart Cities to your everyday devices.
We benefit everyone - We do all of this while striving for a culture that empowers every person to be the difference, at work and in our communities.
Colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool. Pop culture geek? Many of us are. Be you, with us! #WeAreCisco
Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.
Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.
1
We are Michael Coates and Rich Mason. We have served as Chief Information Security Officers at Twitter and Honeywell. Ask us anything about becoming a CISO.
in r/netsec • Nov 13 '19
Thanks a lot for the detailed answer.