Intuitive Surgical Careers

Senior Web Application Security Analyst

US-CA-Sunnyvale, California
IT/Information Systems

Job Description

Job: IT/Information Systems
Primary Location: United States-California-US-CA-Sunnyvale
Schedule: Full-time
Requisition ID: 181199


Company Description:

Who is Intuitive Surgical? The numbers tell an amazing story. Learn more about our company.

Joining Intuitive Surgical means joining a team dedicated to using technology to benefit patients by improving surgical efficacy and decreasing surgical invasiveness, with patient safety as our highest priority. 
The Engineering Product Security Team is responsible for the secure-by-design aspects of hardware and software products, infrastructure and cloud services that collect and analyze medical device machine data from thousands of systems deployed world-wide.

The ideal candidate for the position of Sr. Web/Application Security Analyst will have experience working in web and mobile application development, security expertise and the experience to gently guide sophisticated development teams when security best practices and code diverge.
This position requires a candidate with strong technical and interpersonal skills, the ability to work effectively and collaboratively with the business and peer Engineering teams to deliver high quality solutions that ensure patient safety.
Roles and Responsibilities:
  • Serve as the Web/Application security lead, responsible for working with product development teams to deliver robust and secure-by-design applications and infrastructure
  • Perform Risk Assessments, Architecture Reviews, maintain an updated catalog of issues and drive timely resolution
  • Assist Operations in identifying, testing and deploying updates and patches
  • Perform Operations monitoring and pro-active analysis of cybersecurity signals
  • Through iteration, develop process, policies and procedures to improve the overall risk profile
  • Perform Information System security controls assessments and audits
  • Prepare technical analysis, create and update documentation
  • Drive and support pen testing, regression and fuzz testing
  • Make Incident Response as rare as possible, then ace it when required
  • Other duties as assigned

Competency Requirements: In order to adequately perform the responsibilities of this position the individual must possess:
  • Five or more years’ experience in web / mobile application development / testing / security
  • Deep understanding of application security risks (XSS/CSRF, SQL injection, etc)
  • Proficient with SQL, stored procedures and general database interaction
  • Passion for understanding and researching new vulnerabilities and exploitation techniques
  • Proficient in complex network design (firewalls, load-balancing, TLS, switching and routing)
  • Experience with application debug and troubleshooting, security logs, log aggregation and SIEM technologies
  • Practical knowledge of OWASP Top Ten, how to discover, triage, verify and resolve
  • Expert level knowledge of TCP/IP, SSL/TLS, HTTP, switching and routing, Windows & Linux OS, Relational SQL databases
  • Extensive experience with Splunk, Syslog, Nessus, nMap, Metasploit, Burp, Nexpose and Qualysguard
  • CAP, CISA, CISSP, GCIA, GIAC, GISF, GSEC, SSCP or equivalent certification preferred.
  • Experience with Medical Devices and embedded systems highly desirable
  • Work constructively with highly technical peers when security best practices and feature requests intersect
  • BS/BA desirable along with demonstration of sophisticated and logical thought processes.
  • Strong analytic skills as proven by a track record of analyzing and fixing complex problems in products and processes.
  • Excellent judgment in the presence of competing priorities and incomplete data; proven ability to make difficult trade-offs with good judgment.
  • Ability to present and whiteboard technical architectures and workflows
  • A passion for finishing the vital thing efficiently and well, and attention to the right details.
  • A strong desire to make work fun.
  • Travel: <10~20%
  • Job location: Sunnyvale, CA

We are an AA/EEO/Veterans/Disabled employer.
We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.