Primary Function of Position:
The Sr Product Security Engineer is primarily responsible for conducting security analysis of Intuitive Surgical products, developing recommended security mitigations, and deriving security requirements for surgical systems in Intuitive Surgical product portfolio, including SinglePort, MultiPort daVinci Surgical Systems, ION system and associated peripherals and instruments.
Responsibilities:
- Work closely with the product teams and understand our products in depth to review and document the security attack surface, trust boundaries and data flows.
- Develop threat models that enumerate cybersecurity risks and threats.
- Document and verify the existing security mitigations and identify if additional mitigations are required for our products.
- Work with the product teams to provide guidance during mitigation design and development.
- Contribute to development and implementation of security controls, test and verification protocols. Assist in conducting security verification and validation efforts.
Required Skills and Experience
- Minimum of 8 years of related experience and a Bachelor’s degree; or 6 years of experience and a Master's degree; or a PhD with 3 years of experience; or equivalent experience
- In-depth knowledge of security concepts regarding embedded systems, operating systems, firmware, and software security
- Hands-on experience with Python, Bash or other scripting languages
- Understanding of current and emerging security technologies and threats
- In-depth knowledge of security risks and threats associated with wired and wireless device interfaces including USB, JTAG, serial ports, UART, SPI, Ethernet, Bluetooth and Wi-Fi
- Proficient with methodologies, tools, best practices, and processes across various cybersecurity areas
- Knowledge of common security flaws and resolution as published by SANS, MITRE (CVE, CWE)
- Proven experience with threat modeling and risk analysis with ability to understand and score using the CVSS method
- Ability to work with Software Bill of Materials (SBOM) and vulnerability assessment of components in the SBOM
- Ability to gather written and verbal information from multiple sources, assess and consolidate risks to provide appropriate recommendations
- Hands-on experience with penetration testing and vulnerability analysis frameworks and tools
- Experience in developing test routines and protocols to validate security mitigations
- Excellent documentation and communication skills
Preferred Skills and Experience
- Embedded development experience with C/C++
- Experience with security analysis of medical devices and products
- Experience with medical device cybersecurity regulations (FDA, NMPA, EU MDR, MDCG, HIPAA)
- Experience developing hardware level security controls such as secure boot and firmware verification
- Experience in Cybersecurity related data analytics, machine learning, anomaly detection and incident response
Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19. Details can vary by role.
Intuitive is an Equal Employment Opportunity / Affirmative Action Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws.
EEO and AA Policy
We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.
Preference will be given to qualified candidates who do not reside, or plan to reside, in Alabama, Arkansas, Delaware, Florida, Indiana, Iowa, Louisiana, Maryland, Mississippi, Missouri, Oklahoma, Pennsylvania, South Carolina, or Tennessee.
We provide market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity. It would not be typical for someone to be hired at the top end of range for the role, as actual pay will be determined based on several factors, including experience, skills, and qualifications. The target salary ranges are listed.
