We are seeking a highly experienced Staff Engineer in Infrastructure to contribute to the strategy, architecture, and operations of Infrastructure as Code (IaC) for the Technical Operations group (Azure, GCP, AWS). This role also requires deep expertise in Public Key Infrastructure (PKI) and certificate lifecycle management, Active Directory domain management, infrastructure automation, and infrastructure security (including SIEM). You will be a technical leader operating in highly regulated enterprise environments, including those governed by HIPAA, HiTrust, ISO 27001, FDA, and FIPS 140-2.
Collaboration with Product teams is central: the Staff Engineer will work closely with Product owners and engineering teams to ensure our infrastructure aligns with evolving product requirements, enabling rapid and reliable delivery of digital products. Experience supporting environments with protected health information (PHI) subject to HIPAA and operating within frameworks such as HiTrust and ISO 27001 is essential. This role will work very closely with our DevOps, SRE, QA, and product teams.
Key Responsibilities
Strategy & Leadership
- Define, implement, and evangelize the strategic roadmap for automated infrastructure deployments and process innovation across hybrid environments.
- Lead and mentor infrastructure engineering teams, fostering a culture of ownership, efficiency, and regulatory compliance.
- Build strong partnerships with Product teams, understanding requirements and ensuring product delivery is enabled by robust, scalable, and compliant infrastructure solutions.
Collaboration with Product Teams
- Partner with Product owners, engineers, and delivery leads to translate product requirements into secure and scalable infrastructure designs.
- Proactively advise Product teams on infrastructure opportunities, limitations, and automation best practices.
- Participate in backlog prioritization and infrastructure enhancements that support the product roadmap.
Infrastructure Automation (IaC)
- Support and maintain automated infrastructure provisioning using Terraform and Ansible, working with our DevOps team in support of our CI/CD pipelines across cloud (AWS, Azure, GCP) and on-prem resources.
- Evaluate and implement automation and orchestration tools for full infrastructure lifecycle management.
PKI & Certificate Management
- Own Digital-wide PKI architecture and certificate lifecycle management (issuance, renewal, revocation, inventory) for all environments.
- Ensure practices meet rigorous privacy, security, and compliance standards, including HIPAA, HiTrust, ISO 27001, FDA, and FIPS 140-2.
- Work closely with our product teams in support of business requirements and priorities.
Active Directory & Domain Services
- Architect, manage, and maintain Active Directory domains, domain controllers, GPOs, FSMO roles, and directory/hygiene.
- Oversee integrations with cloud platforms (Azure AD, Google Directory), federation, identity/access management, and automation for provisioning, deprovisioning, and auditing.
Monitoring, Security & SIEM
- Deploy, configure, and operate SIEM solutions for infrastructure monitoring, compliance reporting, threat detection, and incident response.
- Ensure infrastructure controls and alerting mechanisms meet enterprise security and regulatory standards.
Supporting HIPAA, HiTrust, ISO 27001
- Design, implement, and maintain controls and processes required to securely support, store, transmit, and process HIPAA data and PHI.
- Collaborate with InfoSec and Compliance teams to ensure safeguards (administrative, physical, and technical) meet HIPAA, HiTrust, ISO 27001, and other regulatory requirements, staying audit-ready for all frameworks.
- Maintain documentation, facilitate compliance audits, and drive ongoing risk assessments under these regimes.
Operational Excellence
- Establish and track KPIs and SLAs for infrastructure reliability, performance, certificate validity, and compliance posture.
- Lead continual process improvement and incident avoidance through automation and observability.
- Provide technical guidance and escalation support for infrastructure-related incidents.
Additional Responsibilities
- Participate in infrastructure budget planning, vendor evaluation, and contract management.
- Partner closely with InfoSec, Compliance, and Application teams to align security and operational priorities.
- Support change management and incident response protocols and best practices.
- Support Design control principles.
- Support the design and implementation of on-prem virtualization and storage.
- Support Windows and Linux build standards and deployments.
- Support Kubernetes clusters.
Qualifications :
Technical Expertise
- IaC: Advanced proficiency with Terraform, Ansible, and CI/CD for infrastructure automation.
- Cloud Platforms: Extensive experience architecting and deploying infrastructure in AWS, Azure, GCP.
- PKI: Deep experience in enterprise PKI and certificate lifecycle management (ADCS, DigiCert, Key Factor).
- Active Directory: Expert in AD architecture, GPO, domain controller health, federation, and automation.
- SIEM: Skilled with SIEM platforms (Splunk, Elastic, Datadog), including querying, dashboarding, and alerting.
- Scripting: Proficient in Python, PowerShell, Bash, etc. for automation.
- Regulatory Compliance: Strong experience supporting HIPAA, HiTrust, ISO 27001, FDA, FIPS 140-2, and GxP environments, including control implementation and audit readiness.
- Kubernetes
Leadership & Management
- Demonstrated track record of leading technical teams and high-impact cross-functional initiatives.
- Experience managing vendors, contracts, and operational metrics.
Soft Skills
- Clear, effective communication and analytical problem solving.
- Strong collaboration skills, especially with Product and engineering teams.
- Ability to educate, influence, and align stakeholders in a dynamic, regulated enterprise.
Preferred Certifications
- Cloud: AWS/GCP/Azure Solutions Architect, Networking Specialty.
- Security: CISSP, CISM.
- Microsoft: MCSA/MCSE (Active Directory, Windows Server).
- Project/Process: PMP, ITIL Foundation.
Minimum Education and Experience requirements
- Education: A Bachelor's degree in Computer Science, Information Systems, Engineering, or a related technical field is required. A Master's degree is preferred, particularly for candidates with enterprise leadership experience in regulated environments such as healthcare, life sciences, or financial services.
- Experience: Minimum of 10 years in infrastructure engineering, architecture, or operations, with at least 5 years in technical leadership roles. Proven experience designing and managing infrastructure in highly regulated environments governed by HIPAA, HiTrust, ISO 27001, FDA, and FIPS 140-2 is preferred. Strong background in PKI, Active Directory, cloud platforms (AWS, Azure, GCP), and Infrastructure as Code (IaC) is required.
Additional Information :
Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases, including COVID-19. Details can vary by role.
Intuitive is an Equal Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information, or any other status protected under federal, state, or local applicable laws.
Mandatory Notices
U.S. Export Controls Disclaimer: In accordance with the U.S. Export Administration Regulations (15 CFR 743.13(b)), some roles at Intuitive Surgical may be subject to U.S. export controls for prospective employees who are nationals from countries currently on embargo or sanctions status.
Certain information you provide as part of the application will be used for purposes of determining whether Intuitive Surgical will need to (i) obtain an export license from the U.S. Government on your behalf (note: the government's licensing process can take 3 to 6 months) or (ii) implement a Technology Control Plan (TCP) (note: typically adds 2 weeks to the hiring process).
For any Intuitive role subject to export controls, final offers are contingent upon obtaining an approved export license and/or an executed TCP prior to the prospective employee's start date, which may or may not be flexible, and within a timeframe that does not unreasonably impede the hiring need. If applicable, candidates will be notified and instructed on any requirements for these purposes.
We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.
Preference will be given to qualified candidates who do not reside, or plan to reside, in Alabama, Arkansas, Delaware, Florida, Indiana, Iowa, Louisiana, Maryland, Mississippi, Missouri, Oklahoma, Pennsylvania, South Carolina, or Tennessee.
We provide market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity. It would not be typical for someone to be hired at the top end of range for the role, as actual pay will be determined based on several factors, including experience, skills, and qualifications. The target compensation ranges are listed.
Remote Work :
No
Employment Type :
Full-time