Senior Product Security Analyst
Sunnyvale, CA, United States
Intuitive
Company Description
At Intuitive, we are united behind our mission: we believe that minimally invasive care is life-enhancing care. Through ingenuity and intelligent technology, we expand the potential of physicians to heal without constraints. As a pioneer and market leader in robotic-assisted surgery, we strive to foster an inclusive and diverse team, committed to making a difference. For more than 25 years, we have worked with hospitals and care teams around the world to help solve some of healthcare's hardest challenges and advance what is possible.
Intuitive has been built by the efforts of great people from diverse backgrounds. We believe great ideas can come from anywhere. We strive to foster an inclusive culture built around diversity of thought and mutual respect. We lead with inclusion and empower our team members to do their best work as their most authentic selves.
Passionate people who want to make a difference drive our culture. Our team members are grounded in integrity, have a strong capacity to learn, the energy to get things done, and bring diverse, real world experiences to help us think in new ways. We actively invest in our team members to support their long-term growth so they can continue to advance our mission and achieve their highest potential.
Join a team committed to taking big leaps forward for a global community of healthcare professionals and their patients. Together, let's advance the world of minimally invasive care.
Job Description
Primary Function of Position
The Product Security Analyst is primarily responsible for conducting security analysis of Intuitive Surgical products, developing and documenting cybersecurity threat models, recommending security mitigations, and deriving security requirements for surgical systems in the Intuitive Surgical product portfolio, including SinglePort, MultiPort daVinci Surgical Systems, ION system and associated peripherals and instruments.
Essential Job Duties
- Work closely with the product teams and understand our products in depth to analyze and document the security attack surface, trust boundaries and data flows.
- Develop threat models that enumerate cybersecurity risks and threats.
- Document and verify the existing security mitigations and identify if additional mitigations are required for our products.
- Work with the product teams to provide guidance during mitigation design and development.
- Contribute to development and implementation of security test and verification protocols. Assist in conducting security verification and validation efforts.
Qualifications
Required Skills and Experience
- Minimum of a bachelor’s degree or higher in Engineering or Computer Science, with a minimum of 5 years of experience conducting product security analysis.
- In-depth knowledge of security concepts regarding embedded systems, operating systems, firmware, and software security. Understanding of current and emerging security technologies and threats.
- In-depth knowledge of security risks and threats associated with wired and wireless device interfaces including USB, JTAG, serial ports, UART, SPI, Ethernet, Bluetooth and Wi-Fi.
- Proficient with methodologies, tools, best practices, and processes across various cybersecurity areas.
- Experience working with Software Bill of Materials (SBOM) and vulnerability assessment of components in the SBOM.
- Knowledge of common security flaws and resolution as published by SANS, MITRE (CVE, CWE).
- Proven experience with threat modeling and risk analysis with ability to understand and score using the CVSS method.
- Ability to gather written and verbal information from multiple sources, assess and consolidate risks to provide appropriate recommendations.
- Hands-on experience with penetration testing and vulnerability analysis frameworks and tools.
- Experience in developing test routines and protocols to validate security mitigations.
- Excellent documentation and communication skills.
- Experience with security analysis of medical devices and products is a plus.
- Experience with medical device cybersecurity regulations (FDA, NMPA, EU MDR, MDCG, HIPAA) is a plus.
- Experience in cybersecurity-related data analytics, machine learning, anomaly detection and incident response is a plus.
Additional Information
Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19. Details can vary by role.
Intuitive is an Equal Employment Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws.
We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.
Preference will be given to qualified candidates who do not reside, or plan to reside, in Alabama, Arkansas, Delaware, Florida, Indiana, Iowa, Louisiana, Maryland, Mississippi, Missouri, Oklahoma, Pennsylvania, South Carolina, or Tennessee.
We provide market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity. It would not be typical for someone to be hired at the top end of range for the role, as actual pay will be determined based on several factors, including experience, skills, and qualifications. The target salary ranges are listed.
Tags: Analytics Computer Science CVSS Data Analytics HIPAA Incident response Machine Learning Pentesting Product security Risk analysis SANS SBOM Security analysis
Perks/benefits: Career development Competitive pay Equity