Intuitive Surgical Careers
Senior Information Security Engineer - Application & Compliance
Primary Location: United States-California-US-CA-Sunnyvale
Requisition ID: 181381
Who is Intuitive Surgical? The numbers tell an amazing story. Learn more about our company.Joining Intuitive Surgical means joining a team dedicated to using technology to benefit patients by improving surgical efficacy and decreasing surgical invasiveness, with patient safety as our highest priority.
Senior Information Security Engineer is primarily responsible for the secure-by design aspects of software products, infrastructure and cloud applications. In addition, will be responsible for evaluation, implementation, and ongoing management of security systems and infrastructure within Intuitive Surgical’s Information Systems organization. Responsibilities include shared administration of the department’s security tools including Security Incident Event Manager (SIEM), Application Security Testing tools (DAST /SAST), Vulnerability Assessment of in-house and third-party or hosted application and infrastructure.
If you exemplify our values and want to be part of Company that is really passionate about providing value for the patients and customers we serve, this is the role for you.
Roles and Responsibilities:
• Serve as the Application security lead, responsible for working with development teams to deliver robust and secure-by-design applications and infrastructure• Directly participate in the utilization, maintenance and optimization of IT Systems for Endpoint, Network, Infrastructure, Application and Data security.• Perform Application and Infrastructure Risk Assessments, Architecture Reviews and assist Operations in identifying, testing and deploying updates and patches• Report to management concerns of residual risk, vulnerabilities and other security exposures.• Research, recommend, evaluate and implement enterprise infrastructure security solutions• Perform vulnerability assessments, penetration testing and assist with remediation efforts• Implementing, managing, maintaining and ongoing tuning of various security systems and applications.• Receive and appropriately review and implement changes to various IT Security infrastructure, systems configurations to effectively prevent or resolve security events or threats as assigned or otherwise needed.• Use current information security technology disciplines and industry standards to ensure confidentiality, integrity, and availability of information assets• Provide Subject Matter Expertise to both internal ISI and external vendor teams, advancing adoption of ISI Information Security policies, procedures and guidelines.• Train or educate users on new or modified system configurations, policies, operating procedures and security controls as they affect business processes.• Maintain IT security systems integrity and availability, system upgrades, patches, changes.• Develop and maintain appropriate system and process documentation.• Participate in the security incident response efforts and other security investigation activities as assigned. Co-ordinate remediation with an appropriate sense of urgency and criticality.• Review security events that are populated in a Security Information and Event Management (SIEM) system.• Conduct proactive threat research.• Analyze potential impact of new threats and exploits, develop and implement solutions to mitigate those threats, and communicate risks to relevant business units• Assist with the development, implementation, and management of security controls, processes, and policies as a result of analysis, research, and recommendations• Collaborate across teams to build and maintain creative solutions to security problems.• Evaluate new technologies and processes that enhance security capabilities• Recommend and design security controls to support the data security needs of systems being developed or acquired.
• Minimum 7 years of experience in systems or network administration\engineering
• Bachelor’s degree in Computer Science, Electronics, or related field, or equivalent work experience
• Must have working knowledge of any of the Application Security Testing product (DAST or SAST)
• Extensive experience implementing and supporting common security vulnerability assessment
• Extensive experience with Splunk, Syslog, Nessus, nMap, Metasploit, Burp, Nexpose or Qualysguard
• Experience with SOX, PCI, GDPR, GLBA, or equivalent regulations and standards
• Willingness to acquire in-depth knowledge of network and system security technologies and products, and continuously improve these skills
• In-depth knowledge of configuring, implementing and managing technical solutions (preferably information security related)
• Strong working knowledge of infrastructure technologies such as Windows and Linux operating systems; Virtual Infrastructure operations (VMWare / Citrix) database configuration and security; active directory; vulnerability testing; networking protocols and topologies; security architectures; and incident management
• Capable of serving in a trusted position of responsibility which requires discretion.
• Excellent written and verbal communications skills. Must be able to communicate effectively with all levels of staff, including Senior Management and end users
• Familiarity with and ability to apply Information Security and Governance Frameworks such as ISO 27000, SOX, FDA, HIPAA
• Ability to manage small to medium IT projects from conception to implementation, following organization-specific methodologies
• Excellent troubleshooting and analytical skills
• Demonstrate integrity, accountability, innovation, and reliability
• Demonstrate effective teamwork and working relationships with others
• Strong research background, utilizing an analytical approach.
• Expert knowledge of security issues, techniques and implications across all existing computer platforms.
• Strong conceptual thinking and communication skills — the ability to conceptualize complex business and technical requirements into comprehensible models and templates.
• Strong team-oriented interpersonal and communication skills; ability to present and discuss technical information in a way that establishes rapport, persuades others, and gains understanding
• Ability to work well under minimal supervision.
• Proven ability in application security process and organizational design.
• Experience in software-based networking technologies and SDN management interaction between applications and orchestration systems (API).
• Experience working with multiple operating systems.
• Experience securing scalable web architectures and distributed systems
• Experience securing and architecting cloud based infrastructures (e.g. MS Azure, Amazon AWS and Google)
• Expert experience in evaluating and assessing security threats across a variety of environments and industries
• Must be self-driven and motivated
• Flexible, adaptable, and able to manage multiple tasks in a dynamic, fast-paced environment.
• Hands-on information security experience with security architecture, network security, and/or computing platform security
• Security vulnerability scanning experience (preferably using Nessus)
• Open Source security tools experience (nmap, tcpdump, sysinternals suite, backtrack, etc.)
• Prefer experience managing cases with enterprise SIEM systems, such as - Arcsight, Splunk or QRadar.
• CAP, CISA, CISSP, GCIA, GIAC, GISF, GSEC, SSCP or equivalent certification preferred.
We are an AA/EEO/Veterans/Disabled employer.
We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.