Staff Product Security Engineer
Sunnyvale, CA - USA
Job Summary
At Intuitive, we are united behind our mission: we believe that minimally invasive care is life-enhancing care. Through ingenuity and intelligent technology, we expand the potential of physicians to heal without constraints.
As a pioneer and market leader in robotic-assisted surgery, we strive to foster an inclusive and diverse team committed to making a difference. For more than 25 years, we have worked with hospitals and care teams around the world to help solve some of healthcare's hardest challenges and advance what is possible.
Intuitive has been built by the efforts of great people from diverse backgrounds. We believe great ideas can come from anywhere. We strive to foster an inclusive culture built around diversity of thought and mutual respect. We lead with inclusion and empower our team members to do their best work as their most authentic selves.
Passionate people who want to make a difference drive our culture. Our team members are grounded in integrity, have a strong capacity to learn, the energy to get things done, and bring diverse, real-world experiences to help us think in new ways. We actively invest in our team members to support their long-term growth so they can continue to advance our mission and achieve their highest potential.
Join a team committed to taking big leaps forward for a global community of healthcare professionals and their patients. Together, let's advance the world of minimally invasive care.
Description:
The Staff Product Security Engineer will collaborate closely with the Product Security team and cross-functional stakeholders to support the secure design, development, assessment, and monitoring of Intuitive Surgical products that comply with medical device regulatory requirements and adhere to Intuitive standards for security and resiliency.
The Staff Product Security Engineer will join and inspire a team performing engineering, technical, and regulatory security tasks that provide security solutions across multiple Intuitive business units. The position also includes responsibility for developing and executing security project and process plans, implementing security policies and procedures, and a significant level of developing and mentoring other teams in the areas of cyber and network security.
Responsibilities:
- Leads the development, implementation, and sustainment of product security and resiliency throughout the requirements, design, build, test, production, operations, and support lifecycle.
- Leads the development and enhancement of system requirements and architectures for product security to meet all applicable certification and customer requirements.
- Develops and documents the cybersecurity threat model and risk assessment for both embedded and cloud-based products at Intuitive Surgical.
- Evaluates the existing security measures in place for Intuitive Surgical products and conducts necessary tests and research to identify any additional security measures that may be necessary to enhance their protection.
- Participates in both in-house and third-party penetration testing activities.
- Collaborates closely with software, hardware, and network engineers to review and design secure communication protocols for surgical robotics.
- Leads the definition and identification of product security requirements for suppliers of components and subsystems for integration into complex Intuitive products and services.
- Supports coordination with stakeholders, regulators, suppliers, and industry partners to identify risks and improve industry and regulatory security standards and requirements for programs and interfacing systems.
- Supports Intuitive research and development activities resulting in innovative, scalable security solutions, to include research on emerging security tools and methodologies and development of proof-of-concept demonstrations.
- Supports Intuitive Cyber Assurance teams in customer and partner communication on maintaining effective product security, including security consequences of modifying products and services.
- Collaborates with the incident response and security operations team to identify, analyze, and mitigate potential risks associated with Intuitive Surgical products.
- Leverages understanding of interconnected components of Intuitive systems and applies the principles of systems thinking to accelerate security development and resolve cross-functional technical issues.
Qualifications:
- At least ten years of relevant experience in product security or cybersecurity, accompanied by a bachelor's degree. Alternatively, eight years of experience and a master's degree, or a Ph.D. with five years of relevant experience, are acceptable.
- CISSP or equivalent certifications such as SANS, CEH, AWS Security, or Cisco Security.
- Advanced knowledge of system security domains (e.g., information assurance, intrusion detection, software protection, software assurance, communications security, encryption and key management, network security, certification and accreditation) and applicable industry and government guidance and regulations to produce secure systems.
- Experience in one or more cyber security frameworks and compliance standards including NIST and ISO.
- Proficiency in functional and security-centric analysis of C/C++ and Python code.
- Excellent analytical skills, demonstrated by a proven track record of analyzing and resolving complex problems in products and processes.
- Strong judgment in the face of competing priorities and incomplete data, with the ability to make sound trade-offs with good judgment.
- Excellent communication skills, enabling the documentation of technical architectures and workflows and the presentation of information to diverse audiences.
- Experience working in a distributed environment across multiple teams.
- Project management skills such as scheduling, resource management, and performance measures.
Preferred Skills and Experience:
- Medical device or other regulated domain experience strongly desired
- Familiar with FDA Premarket and Postmarket Cybersecurity guidance
- Familiar with regulatory aspects of the 510(k) cyber security submissions
- Experience with working with IoT or ICS/SCADA systems
Additional Information:
Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases, including COVID-19. Details can vary by role.
Intuitive is an Equal Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information, or any other status protected under federal, state, or local applicable laws.
Mandatory Notices
U.S. Export Controls Disclaimer: In accordance with the U.S. Export Administration Regulations (15 CFR 743.13(b)), some roles at Intuitive Surgical may be subject to U.S. export controls for prospective employees who are nationals from countries currently on embargo or sanctions status.
Certain information you provide as part of the application will be used for purposes of determining whether Intuitive Surgical will need to (i) obtain an export license from the U.S. Government on your behalf (note: the government's licensing process can take 3 to 6 months) or (ii) implement a Technology Control Plan (TCP) (note: typically adds 2 weeks to the hiring process).
For any Intuitive role subject to export controls, final offers are contingent upon obtaining an approved export license and/or an executed TCP prior to the prospective employee's start date, which may or may not be flexible, and within a timeframe that does not unreasonably impede the hiring need. If applicable, candidates will be notified and instructed on any requirements for these purposes.
We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.
Preference will be given to qualified candidates who do not reside, or plan to reside, in Alabama, Arkansas, Delaware, Florida, Indiana, Iowa, Louisiana, Maryland, Mississippi, Missouri, Oklahoma, Pennsylvania, South Carolina, or Tennessee.
This position may be filled at a different job level than listed here, depending on business need and/or on the selected candidate's experience, knowledge, and skills. Compensation will be based primarily on the job level at which the role is filled and the candidate's qualifications, consistent with applicable law.
We provide market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity. It would not be typical for someone to be hired at the top end of range for the role, as actual pay will be determined based on several factors, including experience, skills, and qualifications. The target compensation ranges are listed.
Remote Work:
No
Employment Type:
Full-time