It started with a simple idea: what if surgery could be less invasive and recovery less painful? Nearly 30 years later, that question still fuels everything we do at Intuitive As a global leader in robotic-assisted surgery and minimally invasive care, our technologies—like the da Vinci surgical system and Ion—have transformed how care is delivered for millions of patients worldwide.
We’re a team of engineers, clinicians, and innovators united by one purpose: to make surgery smarter, safer, and more human. Every day, our work helps care teams perform with greater precision and patients recover faster, improving outcomes around the world.
The problems we solve demand creativity, rigor, and collaboration. The work is challenging, but deeply meaningful—because every improvement we make has the potential to change a life.
If you’re ready to contribute to something bigger than yourself and help transform the future of healthcare, you’ll find your purpose here.
Primary Function of Position
We are seeking a Staff Product Security engineer to join the software team within the
Endoluminal business unit. The successful candidate in this role will serve as the primary security
interface between the Endoluminal business unit and our centralized product security teams. This
role spans embedded security for network-connected medical devices as well as cloud security
for web applications and services. The ideal candidate is a strong individual contributor today with
the potential to help shape our long-term security operating model, including mentoring engineers
and contributing to future team-building efforts.
Essential Job Duties (Specific responsibilities and tasks an individual would be expected to
perform in the role. Additional job duties may be determined by functional people manager)
Act as the product security point of contact for the business unit, collaborating with
centralized security, IT, compliance, and engineering teams.
Drive secure-by-design practices across embedded medical devices and cloud-based
applications.
Provide hands-on technical leadership for security architecture, threat modeling, and risk
assessments
Partner with software teams to manage embedded product
security, including interfaces to external imaging systems,
devices, removable media, networks, and service tooling.
Partner with software teams to manage cloud product
security, including web apps, services, data platforms, and
pipelines.
Translate corporate security standards into practical product implementations.
Maintain a hands-on role in design reviews, code reviews, vulnerability management, pen
testing, and incident response.
Support regulatory and industry security requirements relevant to medical devices.
Set best practices for tools and technologies that make our security posture more
effective
Required Skills and Experience (Specific skills, knowledge, and experience that an individual
must possess in order to successfully perform in job)
Hands-on experience in cybersecurity engineering, with working knowledge of both
embedded and cloud platforms.
Experience with embedded system or device security, including secure boot, firmware,
interfaces, and attack surface reduction.
Experience securing cloud-native applications and services, including identity,
networking, APIs, data protection.
Experience in one or more cyber security frameworks and compliance standards,
including NIST and ISO.
Practical experience with threat modeling, vulnerability assessment, and security
architecture design.
Ability to work effectively across organizational boundaries and communicate with
engineering, product, and security stakeholders.
Excellent problem-solving skills and a collaborative mindset.
Required Education and Training (As applicable - Specific education
and training that an individual must possess in order to successfully
perform in job)
- Bachelor's or Master’s degree in computer science or
related field.
- Minimum of 8 years relevant experience in software product security.
Working Conditions (As applicable - Any physical requirements for the job. If not applicable, state
“none”)
None
Preferred Skills and Experience (As applicable - Specific skills, knowledge, and experience that
are not required to perform the job, but are desirable to have)
- Experience working with medical devices and FDA pre- and post-market cybersecurity
guidance.
- Experience with defining and implementing data privacy requirements.
Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19. Details can vary by role.
Intuitive is an Equal Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws.
U.S. Export Controls Disclaimer: In accordance with the U.S. Export Administration Regulations (15 CFR §743.13(b)), some roles at Intuitive Surgical may be subject to U.S. export controls for prospective employees
who are nationals from countries currently on embargo or sanctions status.
Certain information you provide as part of the application will be used for purposes of determining whether Intuitive Surgical will need to (i) obtain an export license from the U.S. Government on your behalf (note: the government’s licensing process can take 3 to 6+ months) or (ii) implement a Technology Control Plan (“TCP”) (note: typically adds 2 weeks to the hiring process).
For any Intuitive role subject to export controls, final offers are contingent upon obtaining an approved export license and/or an executed TCP prior to the prospective employee’s
start date, which may or may not be flexible, and within a timeframe that does not unreasonably impede the hiring need. If applicable, candidates will be notified and instructed on any requirements for these purposes.
We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.
Preference will be given to qualified candidates who do not reside, or plan to reside, in Alabama, Arkansas, Delaware, Florida, Indiana, Iowa, Louisiana, Maryland, Mississippi, Missouri, Oklahoma, Pennsylvania, South Carolina, or Tennessee.
This position may be filled at a different job level than listed here depending on
business need and/or on the selected candidate’s experience, knowledge and skills.
Compensation will be based primarily on the job level at which the role is filled and the
candidate’s qualifications, consistent with applicable law.
We provide market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity. It would not be typical for someone to be hired at the top end of range for the role, as actual pay will be determined based on several factors, including experience, skills, and qualifications. The target compensation ranges are listed.
Intuitive (Nasdaq: ISRG), headquartered in Sunnyvale, Calif., is a global technology leader in minimally invasive care and the pioneer of robotic-assisted surgery. At Intuitive, we believe that minimally invasive care is life-enhancing care. Through ingenuity and intelligent technology, we expand the potential of physicians to heal without constraints.
