Skip to main content

Staff Product Security Engineer

  • Sunnyvale, CA, United States
  • Not Remote
  • Engineering
  • JOB214837
Clinical Development Engineering

Company Description

It started with a simple idea: what if surgery could be less invasive and recovery less painful? Nearly 30 years later, that question still fuels everything we do at Intuitive. As a global leader in robotic-assisted surgery and minimally invasive care, our technologies—like the da Vinci surgical system and Ion—have transformed how care is delivered for millions of patients worldwide.

We’re a team of engineers, clinicians, and innovators united by one purpose: to make surgery smarter, safer, and more human. Every day, our work helps care teams perform with greater precision and patients recover faster, improving outcomes around the world.

The problems we solve demand creativity, rigor, and collaboration. The work is challenging, but deeply meaningful—because every improvement we make has the potential to change a life.

If you’re ready to contribute to something bigger than yourself and help transform the future of healthcare, you’ll find your purpose here.

Job Description

Primary Function of Position
We are seeking a Staff Product Security engineer to join the software team within the
Endoluminal business unit. The successful candidate in this role will serve as the primary security
interface between the Endoluminal business unit and our centralized product security teams. This
role spans embedded security for network-connected medical devices as well as cloud security
for web applications and services. The ideal candidate is a strong individual contributor today with
the potential to help shape our long-term security operating model, including mentoring engineers
and contributing to future team-building efforts.
Essential Job Duties (Specific responsibilities and tasks an individual would be expected to
perform in the role. Additional job duties may be determined by functional people manager)
 Act as the product security point of contact for the business unit, collaborating with
centralized security, IT, compliance, and engineering teams.
 Drive secure-by-design practices across embedded medical devices and cloud-based
applications.
 Provide hands-on technical leadership for security architecture, threat modeling, and risk
assessments

 Partner with software teams to manage embedded product
security, including interfaces to external imaging systems,
devices, removable media, networks, and service tooling.
 Partner with software teams to manage cloud product
security, including web apps, services, data platforms, and
pipelines.
 Translate corporate security standards into practical product implementations.
 Maintain a hands-on role in design reviews, code reviews, vulnerability management, pen
testing, and incident response.
 Support regulatory and industry security requirements relevant to medical devices.
 Set best practices for tools and technologies that make our security posture more
effective

Qualifications

Required Skills and Experience (Specific skills, knowledge, and experience that an individual
must possess in order to successfully perform in job)
 Hands-on experience in cybersecurity engineering, with working knowledge of both
embedded and cloud platforms.
 Experience with embedded system or device security, including secure boot, firmware,
interfaces, and attack surface reduction.
 Experience securing cloud-native applications and services, including identity,
networking, APIs, data protection.
 Experience in one or more cyber security frameworks and compliance standards,
including NIST and ISO.
 Practical experience with threat modeling, vulnerability assessment, and security
architecture design.
 Ability to work effectively across organizational boundaries and communicate with
engineering, product, and security stakeholders.
 Excellent problem-solving skills and a collaborative mindset.

Required Education and Training (As applicable - Specific education
and training that an individual must possess in order to successfully
perform in job)
- Bachelor's or Master’s degree in computer science or
related field.
- Minimum of 8 years relevant experience in software product security.
Working Conditions (As applicable - Any physical requirements for the job. If not applicable, state
“none”)
None
Preferred Skills and Experience (As applicable - Specific skills, knowledge, and experience that
are not required to perform the job, but are desirable to have)
- Experience working with medical devices and FDA pre- and post-market cybersecurity
guidance.
- Experience with defining and implementing data privacy requirements.

Additional Information

Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19.  Details can vary by role.

Intuitive is an Equal Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws.

Mandatory Notices

U.S. Export Controls Disclaimer:  In accordance with the U.S. Export Administration Regulations (15 CFR §743.13(b)), some roles at Intuitive Surgical may be subject to U.S. export controls for prospective employees who are nationals from countries currently on embargo or sanctions status.

Certain information you provide as part of the application will be used for purposes of determining whether Intuitive Surgical will need to (i) obtain an export license from the U.S. Government on your behalf (note: the government’s licensing process can take 3 to 6+ months) or (ii) implement a Technology Control Plan (“TCP”) (note: typically adds 2 weeks to the hiring process).  

For any Intuitive role subject to export controls, final offers are contingent upon obtaining an approved export license and/or an executed TCP prior to the prospective employee’s start date, which may or may not be flexible, and within a timeframe that does not unreasonably impede the hiring need. If applicable, candidates will be notified and instructed on any requirements for these purposes. 

We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.

Preference will be given to qualified candidates who do not reside, or plan to reside, in Alabama, Arkansas, Delaware, Florida, Indiana, Iowa, Louisiana, Maryland, Mississippi, Missouri, Oklahoma, Pennsylvania, South Carolina, or Tennessee.

This position may be filled at a different job level than listed here depending on
business need and/or on the selected candidate’s experience, knowledge and skills.
Compensation will be based primarily on the job level at which the role is filled and the
candidate’s qualifications, consistent with applicable law.

We provide market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity. It would not be typical for someone to be hired at the top end of range for the role, as actual pay will be determined based on several factors, including experience, skills, and qualifications. The target compensation ranges are listed.

Base Compensation Range Region 1: $225 500 USD - $324 500 USD
Base Compensation Range Region 2: $191 700 USD - $275 800 USD
Shift: Day
Workplace Type: Set Schedule - This job will be onsite weekly, the percentage of onsite work will be defined by the leader.

**Important Notice to Job Seekers: Beware of Recruitment Scams**

We have been made aware of fraudulent job offers being sent to candidates by individuals posing as representatives of our company. Please be advised that we would never extend an offer of employment to anyone who has not formally submitted an application through our official careers site and completed our formal interview process.

To protect yourself from potential scams, please ensure that any communication you receive regarding job opportunities at our company directs you to our careers site (https://careers.intuitive.com/en/) for application submission.

The Future is Intuitive

At Intuitive, we envision a future where care is more connected, customized, and intelligent—so the question won’t just be how long we live, but how well.

Team members in HR, Engineering, and Analytics standing together with blue background

Work at Intuitive

Our culture defines us.

Our culture is driven by passionate people who truly want to make a difference. Learn more about our unique environment and the characteristics of people who thrive at our company.

Learn about our culture

Benefits

Our benefits overview.

We believe in supporting happy and healthy teams. As a valued team member, your benefits extend far beyond your hourly pay or salary. Learn more about our benefits and perks.

Explore employee benefits
Financial Offerings

Financial offerings

We're here to support your short- and long-term goals.
Family Support

Family support

At Intuitive, we believe in the importance of family and seek to foster a family-friendly culture.
Healthcare Plans

Healthcare plans

Like the patients we serve, your health is also very important to us.
Growth & Development

Growth & development

Your personal and professional growth and development is important to you--and to us.
Generic 2

Not yet ready to apply?

When you join our Talent Community, we‘ll keep you informed about all things Intuitive, including new job openings, employee stories, and company news. You’ll see how every day we‘re proving what‘s possible—for our careers and for minimally invasive robotic surgery.

Join our Talent Community