Staff Product Security Engineer - IoT/Network

About The Position

Requirements

• At least ten years of relevant experience in product security or cybersecurity, accompanied by a bachelor's degree. Alternatively, eight years of experience and a master's degree, or a Ph.D. with five years of relevant experience, are acceptable.
• CISSP or equivalent certifications, such as SANS, CEH, AWS Security, or Cisco Security.
• Advanced knowledge of system security domains (e.g., information assurance, intrusion detection, software protection, software assurance, communications security, encryption and key management, network security, certification and accreditation) and applicable industry and government guidance and regulations to produce secure systems.
• Experience in one or more cyber security frameworks and compliance standards, including NIST and ISO.
• Proficiency in functional and security-centric analysis of C/C++ and Python code.
• Excellent analytical skills, demonstrated by a proven track record of analyzing and resolving complex problems in products and processes.
• Strong judgment in the face of competing priorities and incomplete data, with the ability to make sound trade-offs with good judgment.
• Excellent communication skills, enabling the documentation of technical architectures and workflows and the presentation of information to diverse audiences.
• Experience working in a distributed environment across multiple teams.
• Project management skills such as scheduling, resource management, and performance measures.

Nice To Haves

• Medical device or other regulated domain experience strongly desired.
• Familiar with FDA Premarket and Postmarket Cybersecurity guidance.
• Familiar with regulatory aspects of the 510(k) cyber security submissions.
• Experience with working with IoT or ICS/SCADA systems.

Responsibilities

• Leads the development, implementation, and sustainment of product security and resiliency throughout the requirements, design, build, test, production, operations, and support lifecycle.
• Leads the development and enhancement of system requirements and architectures for product security to meet all applicable certification and customer requirements.
• Develops and documents the cybersecurity threat model and risk assessment for both embedded and cloud-based products at Intuitive Surgical.
• Evaluates the existing security measures in place for Intuitive Surgical products and conduct necessary test and research to identify any additional security measures that may be necessary to enhance their protection.
• Participate in both in-house and third-party penetration testing activities.
• Collaborates closely with software, hardware, and network engineers to review and design secure communication protocols for surgical robotics.
• Leads the definition and identification of product security requirements for suppliers of components and subsystems for integration into complex Intuitive products and services.
• Supports coordination with stakeholders, regulators, suppliers, industry partners to identify risks and improve industry and regulatory security standards and requirements for programs and interfacing systems.
• Supports Intuitive research and development activities resulting in innovative, scalable security solutions, to include research on emerging security tools and methodologies and develop proof-of-concept demonstrations.
• Supports Intuitive Cyber Assurance teams in customer and partner communication on maintaining effective product security, including security consequences of modifying products and services.
• Collaborates with the incident response and security operations team to identify, analyze, and mitigate potential risks associated with intuitive surgical products.
• Leverage understanding of interconnected components of Intuitive systems and apply the principles of systems thinking to accelerate security development and resolve cross-functional technical issues.

Benefits

• Market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity.