Intuitive Surgical Careers
Senior Web Application Security Analyst
Primary Location: United States-California-US-CA-Sunnyvale
Requisition ID: 181199
The ideal candidate for the position of Sr. Web/Application Security Analyst will have experience working in web and mobile application development, security expertise and the experience to gently guide sophisticated development teams when security best practices and code diverge.
- Serve as the Web/Application security lead, responsible for working with product development teams to deliver robust and secure-by-design applications and infrastructure
- Perform Risk Assessments, Architecture Reviews, maintain an updated catalog of issues and drive timely resolution
- Assist Operations in identifying, testing and deploying updates and patches
- Perform Operations monitoring and pro-active analysis of cybersecurity signals
- Through iteration, develop process, policies and procedures to improve the overall risk profile
- Perform Information System security controls assessments and audits
- Prepare technical analysis, create and update documentation
- Drive and support pen testing, regression and fuzz testing
- Make Incident Response as rare as possible, then ace it when required
- Other duties as assigned
- Five or more years’ experience in web / mobile application development / testing / security
- Deep understanding of application security risks (XSS/CSRF, SQL injection, etc.)
- Proficient with SQL, stored procedures and general database interaction
- Passion for understanding and researching new vulnerabilities and exploitation techniques
- Proficient in complex network design (firewalls, load-balancing, TLS, switching and routing)
- Experience with application debug and troubleshooting, security logs, log aggregation and SIEM technologies
- Practical knowledge of the OWASP Top Ten, including how to discover, triage, verify and resolve these issues
- Expert level knowledge of TCP/IP, SSL/TLS, HTTP, switching and routing, Windows & Linux OS, Relational SQL databases
- Extensive experience with Splunk, Syslog, Nessus, Nmap, Metasploit, Burp, Nexpose and QualysGuard
- CAP, CISA, CISSP, GCIA, GIAC, GISF, GSEC, SSCP or equivalent certification preferred.
- Experience with Medical Devices and embedded systems highly desirable
- Work constructively with highly technical peers when security best practices and feature requests intersect
- BS/BA desirable along with demonstration of sophisticated and logical thought processes.
- Strong analytic skills as proven by a track record of analyzing and fixing complex problems in products and processes.
- Excellent judgment in the presence of competing priorities and incomplete data; proven ability to make difficult trade-offs with good judgment.
- Ability to present and whiteboard technical architectures and workflows
- A passion for finishing the vital thing efficiently and well, and attention to the right details.
- A strong desire to make work fun.
- Travel: <10~20%
- Job location: Sunnyvale, CA