Staff Product Security Engineer

About the role

Primary Function of Position We are seeking a Staff Product Security engineer to join the software team within the Endoluminal business unit. The successful candidate in this role will serve as the primary security interface between the Endoluminal business unit and our centralized product security teams. This role spans embedded security for network-connected medical devices as well as cloud security for web applications and services. The ideal candidate is a strong individual contributor today with the potential to help shape our long-term security operating model, including mentoring engineers and contributing to future team-building efforts. Essential Job Duties (Specific responsibilities and tasks an individual would be expected to perform in the role. Additional job duties may be determined by functional people manager)  Act as the product security point of contact for the business unit, collaborating with centralized security, IT, compliance, and engineering teams.  Drive secure-by-design practices across embedded medical devices and cloud-based applications.  Provide hands-on technical leadership for security architecture, threat modeling, and risk assessments  Partner with software teams to manage embedded product security, including interfaces to external imaging systems, devices, removable media, networks, and service tooling.  Partner with software teams to manage cloud product security, including web apps, services, data platforms, and pipelines.  Translate corporate security standards into practical product implementations.  Maintain a hands-on role in design reviews, code reviews, vulnerability management, pen testing, and incident response.  Support regulatory and industry security requirements relevant to medical devices.  Set best practices for tools and technologies that make our security posture more effective Required Skills and Experience (Specific skills, knowledge, and experience that an individual must possess in order to successfully perform in job)  Hands-on experience in cybersecurity engineering, with working knowledge of both embedded and cloud platforms.  Experience with embedded system or device security, including secure boot, firmware, interfaces, and attack surface reduction.  Experience securing cloud-native applications and services, including identity, networking, APIs, data protection.  Experience in one or more cyber security frameworks and compliance standards, including NIST and ISO.  Practical experience with threat modeling, vulnerability assessment, and security architecture design.  Ability to work effectively across organizational boundaries and communicate with engineering, product, and security stakeholders.  Excellent problem-solving skills and a collaborative mindset. Required Education and Training (As applicable - Specific education and training that an individual must possess in order to successfully perform in job) - Bachelor's or Master's degree in computer science or related field. - Minimum of 8 years relevant experience in software product security. Working Conditions (As applicable - Any physical requirements for the job. If not applicable, state "none") None Preferred Skills and Experience (As applicable - Specific skills, knowledge, and experience that are not required to perform the job, but are desirable to have) - Experience working with medical devices and FDA pre- and post-market cybersecurity guidance. - Experience with defining and implementing data privacy requirements. Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19. Details can vary by role. Intuitive is an Equal Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws. Mandatory Notices U.S. Export Controls Disclaimer: In accordance with the U.S. Export Administration Regulations (15 CFR §743.13(b)), some roles at Intuitive Surgical may be subject to U.S. export controls for prospective employees who are nationals from countries currently on embargo or sanctions status. Certain information you provide as part of the application will be used for purposes of determining whether Intuitive Surgical will need to (i) obtain an export license from the U.S. Government on your behalf (note: the government's licensing process can take 3 to 6+ months) or (ii) implement a Technology Control Plan ("TCP") (note: typically adds 2 weeks to the hiring process). For any Intuitive role subject to export controls, final offers are conti

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Intuitive? Share your experience