Cisco AI Engineer Case: Telemetry-Driven Network Anomaly Detection with GenAI Ops Assistant

This 75‑minute case reflects how Cisco evaluates AI engineers: pragmatic, customer‑outcome focused, and security‑first. You will design an AI solution that detects and explains network/service anomalies across Cisco Catalyst campus and data center fabrics, Meraki-managed sites, and Internet paths observed by ThousandEyes—then surfaces actions via a GenAI assistant used by TAC/NetOps in Webex and Catalyst Center. What you’ll cover: 1) Problem framing (customer lens): define target personas (NetOps, SecOps, SRE), success criteria (MTTD/MTTR reductions, false-positive budget), and deployment realities (change windows, brownfield networks, multi-tenant customers, hybrid cloud/on‑prem on UCS vs. SaaS). 2) Data and signals: enumerate Cisco-relevant telemetry and constraints—NetFlow/IPFIX, gNMI streaming telemetry, SNMP/syslog, Meraki events, Wireless RF metrics, Secure Firewall/Umbrella DNS, XDR, AppD/FSO KPIs, and ThousandEyes probes; discuss data quality, sampling, clock skew, and topology context. 3) Modeling approach: propose an approach combining time-series anomaly detection (e.g., seasonal decomposition/transformers), graph-aware reasoning for topology/failure blast radius, and semi‑supervised techniques to handle sparse labels. Explain feature engineering (baselines per site/device, seasonality, change-point detection), explainability (root-cause hints, SHAP-style attributions), and active learning with TAC feedback. 4) GenAI assistant: design a RAG pipeline grounded in Cisco runbooks, TAC KB, and configuration guides with guardrails (prompt hygiene, tool/function calling for remediation actions, citation of sources, hallucination controls, red-teaming). Describe how the assistant suggests CLI/API playbooks for Catalyst/Meraki/ThousandEyes and logs actions to SecureX/XDR for audit. 5) Architecture & scale: sketch data flow from edge collectors to streaming/feature store, online inference vs. batch learning, model registry, Canary/A-B rollout, and options for GPU/CPU placement (edge vs. regional). Address multi-tenancy, RBAC, tenant data isolation, and SLOs. 6) Security, privacy, and compliance: align with Cisco Secure Development Lifecycle, encryption, PII handling, data residency, and least-privilege service design. 7) Measurement & ops: define metrics (precision/recall, alert fatigue, operator trust score), offline/online evaluation, drift detection, incident postmortems, and feedback loops from TAC cases. Interview style: conversational whiteboarding with iterative probing, emphasis on trade-offs, clear customer narratives, and collaboration across PM/SE/TAC—typical of Cisco’s culture.