Primary Location: United States-California-Sunnyvale-US-CA-Sunnyvale
Requisition ID: 200765
Joining Intuitive Surgical means joining a team dedicated to using technology to benefit patients by improving surgical efficacy and decreasing surgical invasiveness, with patient safety as our highest priority.
The Engineering Product Security Team is responsible for the secure-by-design aspects of hardware and software products, infrastructure and cloud services that collect and analyze medical device machine data from thousands of systems deployed world-wide.
The ideal candidate for the position of Sr. Product Security Engineer will have proven experience working in risk and vulnerability management, incident response, product-line security management and Quality systems.
This position requires a candidate with strong technical and interpersonal skills, the ability to work effectively and collaboratively with the business and peer Engineering teams to deliver high quality solutions that ensure patient safety.
Roles and Responsibilities:
- Serve as the embedded cybersecurity SME in a medical device product development group, while reporting into and maintaining corporate cybersecurity standards, policies and procedures
- Use Cyber Threat Modeling and other cyber risk management techniques for pre-market medical device products and services, to shape product design and drive the successful implementation of Secure by Design principles.
- Develop, manage, and update Design Documentation
- Work closely with product teams to develop, implement and support the testing of cybersecurity requirements in complex products and cloud infrastructures
- Perform Information System security controls assessments and audits
- Participate in design of policies to improve the robustness and defense-in-depth for product lines
- Stay current with new and evolving security topics and technologies via formal training and self-directed education
- Other duties as assigned
Competency Requirements: In order to adequately perform the responsibilities of this position the individual must possess:
- Strong knowledge of secure design practices such as Threat modeling (STRIDE, PASTA etc.)
- Intermediate knowledge of three or more of the following technical areas: Network security, Application security, Cloud Security, Embedded system security
- Experience with Risk assessment and Risk analysis of products
- In-depth experience with a Quality system in a regulated industry, preferably in medical device manufacturing
- Good understanding of the Information Security top 10 domains (CISSP)
- Familiar with cyber security frameworks and standards such as OWASP, NIST and ISO
- Strong analytic skills as proven by a track record of analyzing and fixing complex problems in products and processes
- Excellent judgment in the presence of competing priorities and incomplete data; proven ability to make difficult trade-offs with good judgment
- Five or more years’ experience, with medical device, ICS/SCADA or embedded system experience highly desirable
- BS/BA with 12+ years of experience required (or 8 years' experience with a Master's degree) along with demonstration of sophisticated and logical thought processes.
- Expert level knowledge of TCP/IP, SSL/TLS, HTTP, switching and routing, Windows & Linux OS, Relational SQL databases highly desirable.
- CAP, CISA, CISSP, GCIA, GIAC, GISF, GSEC, SSCP or equivalent certification required.
- Ability to present and whiteboard technical architectures and workflows
- A passion for finishing the vital thing efficiently and well, and attention to the right details.
- Strong verbal, written and presentation skills
- A strong desire to make work fun.
- Travel: <10~20%
- Job location: Sunnyvale, CA or Santa Barbara, CA
We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.