Joining Intuitive Surgical means joining a team dedicated to using technology to benefit patients by improving surgical efficacy and decreasing surgical invasiveness, with patient safety as our highest priority.
Primary Function of Position:
The Engineering Product Security Team is responsible for the secure-by-design aspects of hardware and software products, infrastructure and cloud services that collect and analyze medical device machine data from thousands of systems deployed world-wide.
The ideal candidate for the position of Sr. Web/Application Security Analyst will have experience working in web and mobile application development, the security expertise to gently guide dev teams, and a background in vulnerability management, incident response and product line security management.
This position requires a candidate with strong technical and interpersonal skills, the ability to work effectively and collaboratively with the business and peer Engineering teams to deliver high quality solutions that ensure patient safety.
Roles and Responsibilities:
• Working with the Web/Application security lead, this role will work with product development teams to deliver robust and secure-by-design applications and infrastructure
• Perform Risk Assessments, Architecture Reviews, maintain an updated catalog of issues and drive timely resolution
• Assist Operations in identifying, testing and deploying updates and patches
• Perform Operations monitoring and proactive analysis of cybersecurity signals
• Through iteration, develop processes, policies and procedures to improve the overall risk profile
• Perform Information System security controls assessments and audits
• Prepare technical analysis, create and update documentation
• Drive and support pen testing, regression and fuzz testing
• Make Incident Response as rare as possible, then ace it when required
• Other duties as assigned
Competency Requirements: In order to adequately perform the responsibilities of this position the individual must possess:
• Five or more years’ experience in web / mobile application development / testing / security
• Deep understanding of application security risks (XSS/CSRF, SQL injection, etc.)
• Proficient with SQL, stored procedures and general database interaction
• Passion for understanding and researching new vulnerabilities and exploitation techniques
• Proficient in complex network design (firewalls, load-balancing, TLS, switching and routing)
• Experience with application debug and troubleshooting, security logs, log aggregation and SIEM technologies
• Practical knowledge of OWASP Top Ten, how to discover, triage, verify and resolve
• Knowledge of common security flaws and resolution as published by SANS, CWE, CVE, CVSS etc.
• Understanding of application threat modeling, secure coding principles and SDLC security best practices
• Expert level knowledge of TCP/IP, SSL/TLS, HTTP, switching and routing, Windows & Linux OS, Relational SQL databases
• Extensive experience with Splunk, Syslog, Nessus, Nmap, Metasploit, Nexpose and QualysGuard
• CAP, CISA, CISSP, GCIA, GIAC, GISF, GSEC, SSCP, OSCP or equivalent certification preferred.
• Work constructively with highly technical peers when security best practices and feature requests intersect
• Familiarity with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Checkmarx
• BS/BA desirable along with demonstration of sophisticated and logical thought processes.
• Strong analytic skills as proven by a track record of analyzing and fixing complex problems in products and processes.
• Excellent judgment in the presence of competing priorities and incomplete data; proven ability to make difficult trade-offs with good judgment.
• Ability to present and whiteboard technical architectures and workflows
• A passion for finishing the vital thing efficiently and well, and attention to the right details.
• A strong desire to make work fun.
• Travel: <10~20%
• Job location: Sunnyvale, CA
We are an AA/EEO/Veterans/Disabled employer. We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.