Staff Product Security Engineer

It started with a simple idea: what if surgery could be less invasive and recovery less painful? Nearly 30 years later, that question still fuels everything we do at Intuitive . As a global leader in robotic-assisted surgery and minimally invasive care , our technologies—like the da Vinci surgical system and Ion —have transformed how care is delivered for millions of patients worldwide. We’re a team of engineers, clinicians, and innovators united by one purpose: to make surgery smarter, safer, and more human. Every day, our work helps care teams perform with greater precision and patients recover faster, improving outcomes around the world. The problems we solve demand creativity, rigor, and collaboration. The work is challenging, but deeply meaningful—because every improvement we make has the potential to change a life. If you’re ready to contribute to something bigger than yourself and help transform the future of healthcare , you’ll find your purpose here. Primary Function of Position We are seeking a Staff Product Security engineer to join the software team within the Endoluminal business unit. The successful candidate in this role will serve as the primary security interface between the Endoluminal business unit and our centralized product security teams. This role spans embedded security for network-connected medical devices as well as cloud security for web applications and services. The ideal candidate is a strong individual contributor today with the potential to help shape our long-term security operating model, including mentoring engineers and contributing to future team-building efforts. Essential Job Duties (Specific responsibilities and tasks an individual would be expected to perform in the role. Additional job duties may be determined by functional people manager)  Act as the product security point of contact for the business unit, collaborating with centralized security, IT, compliance, and engineering teams.  Drive secure-by-design practices across embedded medical devices and cloud-based applications.  Provide hands-on technical leadership for security architecture, threat modeling, and risk assessments  Partner with software teams to manage embedded product security, including interfaces to external imaging systems, devices, removable media, networks, and service tooling.  Partner with software teams to manage cloud product security, including web apps, services, data platforms, and pipelines.  Translate corporate security standards into practical product implementations.  Maintain a hands-on role in design reviews, code reviews, vulnerability management, pen testing, and incident response.  Support regulatory and industry security requirements relevant to medical devices.  Set best practices for tools and technologies that make our security posture more effective Required Skills and Experience (Specific skills, knowledge, and experience that an individual must possess in order to successfully perform in job)  Hands-on experience in cybersecurity engineering, with working knowledge of both embedded and cloud platforms.  Experience with embedded system or device security, including secure boot, firmware, interfaces, and attack surface reduction.  Experience securing cloud-native applications and services, including identity, networking, APIs, data protection.  Experience in one or more cyber security frameworks and compliance standards, including NIST and ISO.  Practical experience with threat modeling, vulnerability assessment, and security architecture design.  Ability to work effectively across organizational boundaries and communicate with engineering, product, and security stakeholders.  Excellent problem-solving skills and a collaborative mindset. Required Education and Training (As applicable - Specific education and training that an individual must possess in order to successfully perform in job) - Bachelor's or Master’s degree in computer science or related field. - Minimum of 8 years relevant experience in software product security. Working Conditions (As applicable - Any physical requirements for the job. If not applicable, state “none”) None Preferred Skills and Experience (As applicable - Specific skills, knowledge, and experience that are not required to perform the job, but are desirable to have) - Experience working with medical devices and FDA pre- and post-market cybersecurity guidance. - Experience with defining and implementing data privacy requirements. Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19.  Details can vary by role. Intuitive is an Equal Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws. Mandatory Notices U.S. Export Controls Disclaimer:  In accordance with the U.S. Export Administration Regulations (15 CFR §743.13(b)), some roles at Intuitive Surgical may be subject to U.S. export controls for prospective employees
who are nationals from countries currently on embargo or sanctions status. Certain information you provide as part of the application will be used for purposes of determining whether Intuitive Surgical will need to (i) obtain an export license from the U.S. Government on your behalf (note: the government’s licensing process can take 3 to 6+ months) or (ii) implement a Technology Control Plan (“TCP”) (note: typically adds 2 weeks to the hiring process).   For any Intuitive role subject to export controls, final offers are contingent u