Senior Embedded Software Engineer - Product Security

Primary Function of Position

This role will contribute broadly to the Product Cybersecurity organization by improving the overall security posture of Intuitive’s products, infrastructure, and services throughout their lifecycle. The position involves designing and developing security features and mitigations and supporting deployment of the infrastructure with a focus on manufacturing and supply chain security. This role works collaboratively across multiple teams and product groups to ensure high-quality, secure products that meet regulatory and organizational standards within a fast-paced environment.

Essential Job Duties

• Design, develop, and implement product security features, mitigations, and tools
• Respond to infrastructure-related escalations, diagnose issues, and implement effective fixes
• Conduct security reviews including architecture reviews, code reviews, and vulnerability assessments
• Develop and maintain security policies, processes, procedures, and documentation such as requirements, test reports, risk analyses, and standard operating procedures
• Support cross-functional teams and third-party vendors in addressing security concerns and compliance with security laws and regulations
• Drive continuous improvement of security processes, policies, and overall risk posture
• Prepare and communicate real-time security status updates and reports to key stakeholders
• Stay current with evolving security threats, technologies, and best practices through formal and self-directed learning

Required Education, Skills & Experience

• Minimum 8 years of experience in cybersecurity, product security engineering or related field with a University degree; or 6 years experience and a Master's degree; or a PhD with 3 years experience; or equivalent experience
• Solid understanding of cybersecurity concepts, including hardware security, software security, network/infrastructure security, cryptography, and security testing and verification
• Proficient in programming and scripting languages such as Python, C/C++ and Bash
• Experience with developing and debugging Linux and network solutions
• Proficiency in secure coding practices, code analysis, and secure software development lifecycle (SDLC) principles
• Knowledge of common web and application security vulnerabilities and mitigation methods (e.g., OWASP Top Ten)
• Familiarity with security protocols and technologies such as PKI, HSM, public key cryptography, TCP/IP, SSL/TLS, and network security
• Strong documentation and communication skills, with ability to effectively collaborate across teams
• Ability to prioritize and work efficiently in a fast-paced, collaborative environment

Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19.  Details can vary by role.

Intuitive is an Equal Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws.

Mandatory Notices

U.S. Export Controls Disclaimer:  In accordance with the U.S. Export Administration Regulations (15 CFR §743.13(b)), some roles at Intuitive Surgical may be subject to U.S. export controls for prospective employees
who are nationals from countries currently on embargo or sanctions status.

Certain information you provide as part of the application will be used for purposes of determining whether Intuitive Surgical will need to (i) obtain an export license from the U.S. Government on your behalf (note: the government’s licensing process can take 3 to 6+ months) or (ii) implement a Technology Control Plan (“TCP”) (note: typically adds 2 weeks to the hiring process).  

For any Intuitive role subject to export controls, final offers are contingent upon obtaining an approved export license and/or an executed TCP prior to the prospective employee’s
start date, which may or may not be flexible, and within a timeframe that does not unreasonably impede the hiring need. If applicable, candidates will be notified and instructed on any requirements for these purposes. 

We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.

Preference will be given to qualified candidates who do not reside, or plan to reside, in Alabama, Arkansas, Delaware, Florida, Indiana, Iowa, Louisiana, Maryland, Mississippi, Missouri, Oklahoma, Pennsylvania, South Carolina, or Tennessee.

We provide market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity. It would not be typical for someone to be hired at the top end of range for the role, as actual pay will be determined based on several factors, including experience, skills, and qualifications. The target compensation ranges are listed.