Product Security Engineer Staff

Product Security Engineer Staff Location Remote in Sunnyvale, CA :

Company Description At Intuitive, we are united behind our mission: we believe that minimally invasive care is life-enhancing care. Through ingenuity and intelligent technology, we expand the potential of physicians to heal without constraints. As a pioneer and market leader in robotic-assisted surgery, we strive to foster an inclusive and diverse team, committed to making a difference. For more than 25 years, we have worked with hospitals and care teams around the world to help solve some of healthcare's hardest challenges and advance what is possible. Intuitive has been built by the efforts of great people from diverse backgrounds. We believe great ideas can come from anywhere. We strive to foster an inclusive culture built around diversity of thought and mutual respect. We lead with inclusion and empower our team members to do their best work as their most authentic selves. Passionate people who want to make a difference drive our culture. Our team members are grounded in integrity, have a strong capacity to learn, the energy to get things done, and bring diverse, real world experiences to help us think in new ways. We actively invest in our team members to support their long-term growth so they can continue to advance our mission and achieve their highest potential. Join a team committed to taking big leaps forward for a global community of healthcare professionals and their patients. Together, let's advance the world of minimally invasive care.

Primary Function:

• The Staff Security Engineer primarily develops and documents the cybersecurity threat model for all embedded and cloud products at Intuitive Surgical.
• Participates in the design of security policies to improve the robustness and defense-in-depth for product lines.
• Proposes the secure architecture and comply with best security practices for all Intuitive products.

Roles and Responsibilities:

• Research new security tools & methodology and conduct PoC if necessary.
• Maintains vendor relationship with the security tools and services.
• Involves in RED team activities including both in-house and 3rd-party penetration tests.
• Manages SBOM and provides the required reports to the FDA and other regional regulations regarding medical devices.
• Performs vulnerability analysis on the products before the release to the market.
• Contributes to the risk and vulnerability management process with the internal CVSS scoring systems.

Qualifications

Competency Requirements:

• Familiar with Cyber threat modeling such as the STRIDE Model
• Experience with two or more of the following aspects of the products: Network, Web, Mobile, Cloud, and Embedded systems
• Minimum BS/BA in cybersecurity, information security, computer science, or relevant required, with the ability of demonstrating sophisticated logical thought processes.
• Minimum of 3-5 years of experience designing secure products and engineering the necessary security functions.
• Familiar with Risk assessment and Threat/Vulnerability analysis of the product
• Good understanding of the CISSP top 10 domains
• Familiar with cyber security frameworks and compliance such as OWASP, NIST, and ISO
• Strong analytic skills, as proven by a track record of analyzing and fixing complex problems in products and processes.
• Excellent judgment in the presence of competing priorities and incomplete data; proven ability to make difficult trade-offs with good judgment.
• Great communication skills to document technical architectures & workflows and present to diverse audiences.

Additional Preferred Qualifications:

• Familiarity with ethical hacking and penetration testing tools & methodologies
• Experience with working with IoT or ICS/SCADA systems
• Experience with working with medical devices
• CISSP or other relevant professional security certification
• Familiar with FDA Premarket and Postmarket Cybersecurity guidance
• Familiar with regulatory aspects of the 510(k) cyber security submission
• Experience in embedded security and development with C/C++ and Python.
• Travel: 10% or less.
• Job location: Onsite or remote (Pacific Time workday).

Additional Information

Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19. Details can vary by role.

Intuitive is an Equal Employment Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws.

We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.

Preference will be given to qualified candidates who do not reside, or plan to reside, in Alabama, Arkansas, Delaware, Florida, Indiana, Iowa, Louisiana, Maryland, Mississippi, Missouri, Oklahoma, Pennsylvania, South Carolina, or Tennessee.

We provide market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity. It would not be typical for someone to be hired at the top end of range for the role, as actual pay will be determined based on several factors, including experience, skills, and qualifications. The target salary ranges are listed.

Base Salary Range Region 1: $196,000 - $282,000 Base Salary Range Region 2: $166,600 - $239,800 Shift: Day Travel: 10% of the time Workplace Type: Purposeful Onsite - This job requires being onsite for leader-defined events and activities which could be monthly/annually. Onsite frequency may increase based on business need.