AI Security Research Engineer II (Full Time) - (United States)
Top focus
The application window is expected to close on: 07/15/2026 Job posting may be removed earlier if the position is filled or if a sufficient number of applications are received . Plans, conducts, analyzes, and shares applied security research that advances how AI is built and used securely across Cisco, spanning AI-assisted development, AI features in products, and AI in internal operations.
Combines AI/ML security research with hands-on engineering to threat-model AI systems, build guardrails and automated checks, and validate that AI-developed and AI-assisted software is at least as secure as traditionally developed software.
Serves as a security partner to engineering and product teams, and shares results that influence how teams ship AI safely and quickly. The role enables teams to adopt AI securely rather than acting as a gatekeeper. What You'll Do: - Executes straightforward, short-term AI security initiatives with guidance (e.g., one- to three-month deliverables such as a new guardrail, a GitHub Action security check, or an evaluation harness). - Influences a single feature or product team, helping them reach a secure outcome faster with AI, not despite it. - Applies a working understanding of AI/ML security concepts and frameworks (OWASP LLM Top 10, OWASP Agentic Top 10, MITRE ATLAS, NIST AI RMF) and develops judgment on ethical and responsible-AI considerations. - Supports AI-specific threat models for AI-native features (RAG, tool use, agentic workflows, MCP (Model Context Protocol) integrations), including risks such as prompt injection (direct and indirect), jailbreaks, data poisoning, model extraction, excessive agency, and supply-chain risk. - Runs defined adversarial tests and evaluations using Cisco AI Defense (Cisco's AI security solution) alongside open-source tooling such as NVIDIA's Garak; documents findings, success rates, and remediation guidance. - Builds or contributes to security tooling and guardrails (input/output filtering, automated checks, and release gates), delivered in CI/CD pipelines and agentic workflows under direction. - Integrates AI security into existing Secure Development Lifecycle practices: threat modeling, SAST/DAST/SCA, dependency and supply-chain, secrets, and licensing. - Supports data protection requirements for AI systems, including data classification, minimization, residency, and sensitive data handling. - Supports human review, approval, and accountability controls for AI-assisted development and agentic workflows. - Contributes to AI security standards, patterns, and security requirements, treating reference architectures as living documents that absorb emerging threats and engineering feedback. - Develops and tests hypotheses about AI attack surfaces and control effectiveness; uses measurable evidence rather than manual assertions. - Shares findings and demos with the team and partner groups with guidance; interacts with peers to understand cross-functional security needs. - Contributes to reusable patterns, training material, office hours, and security champion enablement for engineering teams. - Contributes to literature reviews, threat research write-ups, and presentations shared within the company; participates in internal and external AI security talks and discussions. - Develops familiarity with the fast-moving AI/LLM platform, agent-framework, and attacker-technique landscape through hands-on experimentation.
Minimum Qualifications: - Bachelor's + 2 years of related experience, or Master's + 0 years of related experience. - Foundation in security engineering (application/product security, secure SDLC, threat modeling) and/or AI/ML engineering, with demonstrated adversarial thinking. - Proficiency in Python
Preferred Qualifications
- Varies based on team and business needs
- in addition to Minimum Qualifications. - Hands-on exposure to LLM security: prompt injection defense, guardrails, insecure output handling, RAG and agentic-system risks. - Familiarity with AI red-teaming/eval tooling, including Cisco AI Defense and an open-source framework such as NVIDIA's Garak. - Experience with CI/CD, MCP (Model Context Protocol), agent-to-agent integration patterns, and AI development tools (Cursor, Claude Code, Copilot). - Knowledge of OWASP LLM/Agentic Top 10, MITRE ATLAS, NIST AI RMF, ISO/IEC 42001, or the EU AI Act. - A portfolio of applied work (security tooling contributions, CTF participation, or published threat research) is valued over certifications.
- At Cisco, we’re revolutionizing how data and infrastructure connect and protect organizations in the AI era – and beyond.
- We’ve been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds.
- These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint.
- Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions.
- Add to that our worldwide network of doers and experts, and you’ll see that the opportunities to grow and build are limitless.
- We work as a team, collaborating with empathy to make really big things happen on a global scale.
- Because our solutions are everywhere, our impact is everywhere.
- We are Cisco, and our power starts with you.
- Message to applicants applying to work in the U.S. and/or Canada: The starting salary range posted for this position is $136,500.00 to $172,700.00 and reflects the projected salary range for new hires in this position in U.S. and/or Canada locations, not including incentive compensation*, equity, or benefits.
- Individual pay is determined by the candidate's hiring location, market conditions, job-related skillset, experience, qualifications, education, certifications, and/or training.
- The full salary range for certain locations is listed below.
- For locations not listed below, the recruiter can share more details about compensation for the role in your location during the hiring process.
- U.S. employees are offered benefits, subject to Cisco’s plan eligibility rules
- include medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, paid parental leave, short and long-term disability coverage
- basic life insurance.
- Please see the Cisco careers site to discover more benefits and perks.
- Employees may be eligible to receive grants of Cisco restricted stock units, which vest following continued employment with Cisco for defined periods of time.
- U.S. employees are eligible for paid time away as described below, subject to Cisco’s policies: 10 paid holidays per full calendar year, plus 1 floating holiday for non-exempt employees 1 paid day off for employee’s birthday, paid year-end holiday shutdown
- 4 paid days off for personal wellness determined by Cisco Non-exempt employees** receive 16 days of paid vacation time per full calendar year, accrued at rate of 4.92 hours per pay period for full-time employees Exempt employees participate in Cisco’s flexible vacation time off program
- has no defined limit on how much vacation time eligible employees may use (subject to availability and some business limitations) 80 hours of sick time off provided on hire date and each January 1st thereafter
- up to 80 hours of unused sick time carried forward from one calendar year to the next Additional paid time away may be requested to deal with critical or emergency issues for family members Optional 10 paid days per full calendar year to volunteer For non-sales roles, employees are also eligible to earn annual bonuses subject to Cisco’s policies.
- Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components, subject to the applicable Cisco plan.
- For quota-based incentive pay, Cisco typically pays as follows: .75% of incentive target for each 1% of revenue attainment up to 50% of quota
- 1.5% of incentive target for each 1% of attainment between 50% and 75%
- 1% of incentive target for each 1% of attainment between 75% and 100%
- and Once performance exceeds 100% attainment, incentive rates are at or above 1% for each 1% of attainment with no cap on incentive compensation.
- For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay 0% up to 125% of target.
- Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid.
- The applicable full salary ranges for this position, by specific state, are listed below: New York City Metro Area: $160,100.00 - $239,000.00 Non-Metro New York state & Washington state: $146,200.00 - $212,800.00 * For quota-based sales roles on Cisco’s sales plan, the ranges provided in this posting include base pay and sales target incentive compensation combined. ** Employees in Illinois, whether exempt or non-exempt, will participate in a unique time off program to meet local requirements.