Staff Product Security Engineer

Company Description

It started with a simple idea: what if surgery could be less invasive and recovery less painful? Nearly 30 years later, that question still fuels everything we do at Intuitive . As a global leader in robotic-assisted surgery and minimally invasive care , our technologies-like the da Vinci surgical system and Ion -have transformed how care is delivered for millions of patients worldwide.

We're a team of engineers, clinicians, and innovators united by one purpose: to make surgery smarter, safer, and more human. Every day, our work helps care teams perform with greater precision and patients recover faster, improving outcomes around the world.

The problems we solve demand creativity, rigor, and collaboration. The work is challenging, but deeply meaningful-because every improvement we make has the potential to change a life.

If you're ready to contribute to something bigger than yourself and help transform the future of healthcare , you'll find your purpose here.

Job Description

Staff Product Security Engineer

At Intuitive, we are united behind our mission: we believe that minimally invasive care is life-enhancing care. Through ingenuity and intelligent technology, we expand the potential of physicians to heal without constraints.

As a pioneer and market leader in robotic-assisted surgery, we strive to foster an inclusive and diverse team, committed to making a difference. For more than 25 years, we have worked with hospitals and care teams around the world to help solve some of healthcare's hardest challenges and advance what is possible.

Intuitive has been built by the efforts of great people from diverse backgrounds. We believe great ideas can come from anywhere. We strive to foster an inclusive culture built around diversity of thought and mutual respect. We lead with inclusion and empower our team members to do their best work as their most authentic selves.

Passionate people who want to make a difference drive our culture. Our team members are grounded in integrity, have a strong capacity to learn, the energy to get things done, and bring diverse, real-world experiences to help us think in new ways. We actively invest in our team members to support their long-term growth so they can continue to advance our mission and achieve their highest potential.

Join a team committed to taking big leaps forward for a global community of healthcare professionals and their patients. Together, let's advance the world of minimally invasive care.

Description:

The Staff Product Security Engineer will collaborate closely with the Product Security team and cross-functional stakeholders to support the secure design, development, assessment and monitoring of Intuitive Surgical products that comply with medical device regulatory requirements and adhere to Intuitive standards for security and resiliency.

The Staff Product Security Engineer will join and inspire a team performing engineering, technical, and regulatory security tasks that provide security solutions across multiple Intuitive business units. The position also includes responsibility for developing and executing security project and process plans, implementing security policies and procedures and a significant level of developing and mentoring other teams in the areas of cyber and network security.

Responsibilities:

• Leads the development, implementation, and sustainment of product security and resiliency throughout the requirements, design, build, test, production, operations, and support lifecycle.
• Leads the development and enhancement of system requirements and architectures for product security to meet all applicable certification and customer requirements.
• Develops and documents the cybersecurity threat model and risk assessment for both embedded and cloud-based products at Intuitive Surgical.
• Evaluates the existing security measures in place for Intuitive Surgical products and conduct necessary test and research to identify any additional security measures that may be necessary to enhance their protection.
• Participate in both in-house and third-party penetration testing activities.
• Collaborates closely with software, hardware, and network engineers to review and design secure communication protocols for surgical robotics.
• Leads the definition and identification of product security requirements for suppliers of components and subsystems for integration into complex Intuitive products and services.
• Supports coordination with stakeholders, regulators, suppliers, industry partners to identify risks and improve industry and regulatory security standards and requirements for programs and interfacing systems.
• Supports Intuitive research and development activities resulting in innovative, scalable security solutions, to include research on emerging security tools and methodologies and develop proof-of-concept demonstrations.
• Supports Intuitive Cyber Assurance teams in customer and partner communication on maintaining effective product security, including security consequences of modifying products and services.
• Collaborates with the incident response and security operations team to identify, analyze, and mitigate potential risks associated with intuitive surgical products.
• Leverage understanding of interconnected components of Intuitive systems and and apply the principles of systems thinking to accelerate security development and resolve cross-functional technical issues.

Qualifications

Qualifications

• At least ten years of relevant experience in product security or cybersecurity, accompanied by a bachelor's degree. Alternatively, eight years of experience and a master's degree, or a Ph.D. with five years of relevant experience, are acceptable.
• CISSP or equivalent certifications, such as SANS, CEH, AWS Security, or Cisco Security.
• Advanced knowledge of system security domains (e.g., information assurance, intrusion detection, software protection, software assurance, communications security, encryption and key management, network security, certification and accreditation) and applicable industry and government guidance and regulations to produce secure systems.
• Experience in one or more cyber security frameworks and compliance standards, including NIST and ISO.
• Proficiency in functional and security-centric analysis of C/C++ and Python code.
• Excellent analytical skills, demonstrated by a proven track record of analyzing and resolving complex problems in products and processes.
• Strong judgment in the face of competing priorities and incomplete data, with the ability to make sound trade-offs with good judgment.
• Excellent communication skills, enabling the documentation of technical architectures and workflows and the presentation of information to diverse audiences.
• Experience working in a distributed environment across multiple teams.
• Project management skills such as scheduling, resource management, and performance measures.

Preferred Skills and Experience:

• Medical device or other regulated domain experience strongly desired
• Familiar with FDA Premarket and Postmarket Cybersecurity guidance
• Familiar with regulatory aspects of the 510(k) cyber security submissions
• Experience with working with IoT or ICS/SCADA systems

Additional Information

Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19. Details can vary by role.

Intuitive is an Equal Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws.

Mandatory Notices

U.S. Export Controls Disclaimer: In accordance with the U.S. Export Administration Regulations (15 CFR §743.13(b)), some roles at Intuitive Surgical may be subject to U.S. export controls for prospective employeeswho are nationals from countries currently on embargo or sanctions status.

Certain information you provide as part of the application will be used for purposes of determining whether Intuitive Surgical will need to (i) obtain an export license from the U.S. Government on your behalf (note: the government's licensing process can take 3 to 6+ months) or (ii) implement a Technology Control Plan ("TCP") (note: typically adds 2 weeks to the hiring process).


For any Intuitive role subject to export controls, final offers are contingent upon obtaining an approved export license and/or an executed TCP prior to the prospective employee'sstart date, which may or may not be flexible, and within a timeframe that does not unreasonably impede the hiring need. If applicable, candidates will be notified and instructed on any requirements for these purposes.


We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.

Preference will be given to qualified candidates who do not reside, or plan to reside, in Alabama, Arkansas, Delaware, Florida, Indiana, Iowa, Louisiana, Maryland, Mississippi, Missouri, Oklahoma, Pennsylvania, South Carolina, or Tennessee.

This position may be filled at a different job level than listed here depending on
business need and/or on the selected candidate's experience, knowledge and skills.
Compensation will be based primarily on the job level at which the role is filled and the
candidate's qualifications, consistent with applicable law.

We provide market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity. It would not be typical for someone to be hired at the top end of range for the role, as actual pay will be determined based on several factors, including experience, skills, and qualifications. The target compensation ranges are listed.