Just finished the Cisco AppSec / Product Security Engineer loop. Sharing because I couldn't find many recent reports when I was prepping.
Total rounds: 5 over about 3.5 weeks. Recruiter screen, 30 min. Standard: background, timeline, comp range. They ask early. Technical phone screen with a hiring team engineer. Mine was a 45-min live coding session in HackerRank. Graph traversal problem, nothing insane, but they expected clean code and they wanted me to talk through edge cases. System design: we got into designing a threat detection pipeline. Not just 'draw boxes,' they pushed on how you'd handle false positive volume, alerting latency tradeoffs, and data retention policy. Clearly they care about real security architecture, not textbook answers. Behavioral with the hiring manager. Classic STAR, focused on conflict resolution and times I had to push back on engineering decisions for security reasons. Spent time here. Team fit / culture round. More conversational, felt like they were checking you'd actually want to work with these people.
The thing that surprised me: they really do care about your opinions. I pushed back on a design choice in round 3 and the interviewer seemed pleased. Cisco interviewers are not there to trick you, they're evaluating whether you think like a practitioner.
Offer came about 10 days after my final round. Worth the wait.