Staff Product Security Engineer - IoT/Network

Company Description

At Intuitive, we are united behind our mission: we believe that minimally invasive care is life-enhancing care. Through ingenuity and intelligent technology, we expand the potential of physicians to heal without constraints.

As a pioneer and market leader in robotic-assisted surgery, we strive to foster an inclusive and diverse team, committed to making a difference. For more than 25 years, we have worked with hospitals and care teams around the world to help solve some of healthcare's hardest challenges and advance what is possible.

Intuitive has been built by the efforts of great people from diverse backgrounds. We believe great ideas can come from anywhere. We strive to foster an inclusive culture built around diversity of thought and mutual respect. We lead with inclusion and empower our team members to do their best work as their most authentic selves.

Passionate people who want to make a difference drive our culture. Our team members are grounded in integrity, have a strong capacity to learn, the energy to get things done, and bring diverse, real world experiences to help us think in new ways. We actively invest in our team members to support their long-term growth so they can continue to advance our mission and achieve their highest potential.

Join a team committed to taking big leaps forward for a global community of healthcare professionals and their patients. Together, let's advance the world of minimally invasive care.

Job Description

Description:

The Staff Product Security Engineer will collaborate closely with the Product Security team and cross-functional stakeholders to support the secure design, development, assessment and monitoring of Intuitive Surgical products that comply with medical device regulatory requirements and adhere to Intuitive standards for security and resiliency.

The Staff Product Security Engineer will join and inspire a team performing engineering, technical, and regulatory security tasks that provide security solutions across multiple Intuitive business units. The position also includes responsibility for developing and executing security project and process plans, implementing security policies and procedures and a significant level of developing and mentoring other teams in the areas of cyber and network security.

Responsibilities:

• Leads the development, implementation, and sustainment of product security and resiliency throughout the requirements, design, build, test, production, operations, and support lifecycle.
• Leads the development and enhancement of system requirements and architectures for product security to meet all applicable certification and customer requirements.
• Develops and documents the cybersecurity threat model and risk assessment for both embedded and cloud-based products at Intuitive Surgical.
• Evaluates the existing security measures in place for Intuitive Surgical products and conduct necessary test and research to identify any additional security measures that may be necessary to enhance their protection.
• Participate in both in-house and third-party penetration testing activities.
• Collaborates closely with software, hardware, and network engineers to review and design secure communication protocols for surgical robotics.
• Leads the definition and identification of product security requirements for suppliers of components and subsystems for integration into complex Intuitive products and services.
• Supports coordination with stakeholders, regulators, suppliers, industry partners to identify risks and improve industry and regulatory security standards and requirements for programs and interfacing systems.
• Supports Intuitive research and development activities resulting in innovative, scalable security solutions, to include research on emerging security tools and methodologies and develop proof-of-concept demonstrations.
• Supports Intuitive Cyber Assurance teams in customer and partner communication on maintaining effective product security, including security consequences of modifying products and services.
• Collaborates with the incident response and security operations team to identify, analyze, and mitigate potential risks associated with intuitive surgical products.
• Leverage understanding of interconnected components of Intuitive systems and and apply the principles of systems thinking to accelerate security development and resolve cross-functional technical issues.

Qualifications

Qualifications

• At least ten years of relevant experience in product security or cybersecurity, accompanied by a bachelor’s degree. Alternatively, eight years of experience and a master’s degree, or a Ph.D. with five years of relevant experience, are acceptable.
• CISSP or equivalent certifications, such as SANS, CEH, AWS Security, or Cisco Security.
• Advanced knowledge of system security domains (e.g., information assurance, intrusion detection, software protection, software assurance, communications security, encryption and key management, network security, certification and accreditation) and applicable industry and government guidance and regulations to produce secure systems.
• Experience in one or more cyber security frameworks and compliance standards, including NIST and ISO.
• Proficiency in functional and security-centric analysis of C/C++ and Python code.
• Excellent analytical skills, demonstrated by a proven track record of analyzing and resolving complex problems in products and processes.
• Strong judgment in the face of competing priorities and incomplete data, with the ability to make sound trade-offs with good judgment.
• Excellent communication skills, enabling the documentation of technical architectures and workflows and the presentation of information to diverse audiences.
• Experience working in a distributed environment across multiple teams.
• Project management skills such as scheduling, resource management, and performance measures.

Preferred Skills and Experience:

• Medical device or other regulated domain experience strongly desired
• Familiar with FDA Premarket and Postmarket Cybersecurity guidance
• Familiar with regulatory aspects of the 510(k) cyber security submissions
• Experience with working with IoT or ICS/SCADA systems 

Additional Information

Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19.  Details can vary by role.

Intuitive is an Equal Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws.

Mandatory Notices

We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.

Preference will be given to qualified candidates who do not reside, or plan to reside, in Alabama, Arkansas, Delaware, Florida, Indiana, Iowa, Louisiana, Maryland, Mississippi, Missouri, Oklahoma, Pennsylvania, South Carolina, or Tennessee.

We provide market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity. It would not be typical for someone to be hired at the top end of range for the role, as actual pay will be determined based on several factors, including experience, skills, and qualifications. The target salary ranges are listed.