Senior Product Security Engineer - Vulnerability Management jobs in United States

Intuitive · 16 hours ago

Senior Product Security Engineer - Vulnerability Management

Intuitive is a global leader in robotic-assisted surgery and minimally invasive care, focused on transforming how care is delivered. The Senior Product Security Engineer will be responsible for managing the vulnerability lifecycle of medical devices and software products, ensuring patient safety and compliance through effective risk management and collaboration with engineering teams.

Industries: Health Care · Manufacturing · Medical Device
Tags: Growth Opportunities · H1B Sponsor Likely

Responsibilities

Own and operate the post-market vulnerability management lifecycle across Intuitive products and services, from intake through remediation and closure
Perform and operationalize ongoing vulnerability scanning for internal and external assets, including medical devices, digital applications, infrastructure, cloud services, and IoMT solutions
Manage monthly, quarterly, and annual vulnerability scans and penetration tests, including coordination with third-party providers to meet regulatory and compliance requirements
Define scan scope, rules of engagement, and schedules with external vendors to ensure coverage, quality, and on-time delivery
Analyze vulnerability findings to assess real-world risk, prioritizing issues based on exploitability, exposure, patient safety, and business impact
Review and synthesize results from scans and penetration tests, delivering clear, prioritized remediation guidance to engineering and product stakeholders
Track remediation activities to completion, ensuring alignment with compliance obligations and internal risk acceptance criteria
Maintain vulnerability inventories, repositories, and metrics to support ongoing reporting and audits
Prepare and deliver vulnerability reports, dashboards, and technical risk evaluations for monthly, quarterly, and annual reviews
Support risk-based vulnerability assessments across the post-market product portfolio
Conduct ad-hoc vulnerability scans and analyses in support of incident response, customer inquiries, and emerging threat activity
Identify vulnerability trends and patterns to inform preventative controls and long-term risk reduction
Advise remediation teams on effective mitigation strategies and secure engineering practices
Support the development, maintenance, and monitoring of Software Bills of Materials (SBOMs) as part of vulnerability tracking and reporting
Contribute to the design, improvement, and operation of vulnerability management processes, standards, and security policies
Maintain vulnerability management procedures and playbooks, supporting leadership, service teams, and audit stakeholders
Partner closely with Product Security, Engineering, Quality, Incident Response, and service teams through regular check-ins and coordinated execution
Support incident response activities and investigations related to product vulnerabilities
Help elevate organizational awareness of emerging threats and in-market vulnerabilities, and how Intuitive proactively manages risk

Qualification

Vulnerability management · Cybersecurity knowledge · Secure software design · Penetration testing · Cryptographic tools · Risk assessment frameworks · Compliance reporting · Analytical skills · Collaboration skills · Communication skills

Required

Hands-on experience owning post-market vulnerability management or product security workflows in a regulated or safety-critical environment
Strong understanding of vulnerability lifecycles, including intake, triage, validation, prioritization, remediation tracking, verification, and reporting
Practical experience assessing real-world risk using industry references such as CVE records, CVSS scores, CWE weakness categories, the OWASP Top 10, and SANS guidance
Experience coordinating third-party security assessments, including vulnerability scanning and penetration testing engagements
Ability to translate technical findings into clear, actionable remediation guidance for engineering and product teams
Strong judgment in balancing security risk, compliance requirements, and product realities
Familiarity with secure software design principles, secure coding practices, and threat modeling
Working knowledge of cryptographic tools, libraries, and common security controls
Experience supporting audit, compliance, and regulatory reporting related to product security
Exposure to SBOMs, third-party component risk, and software supply chain security
Comfort operating across hardware, software, firmware, and cloud environments, with the ability to learn new domains quickly
Strong analytical skills with a track record of solving complex technical and operational problems
Excellent collaboration and communication skills, with the ability to influence cross-functional teams without direct authority
Ability to manage multiple workstreams, vendors, and stakeholders while maintaining responsiveness and operational rigor
A mindset oriented toward continuous improvement, adaptability, and building scalable security processes
Experience in vulnerability management, information assurance, security operations, and penetration testing
Ability to plan, manage, and execute multiple tasks and projects within defined timelines
Experience operating a vulnerability scanning tool set, which may include Qualys, Nessus, GitLab, Black Duck, etc.
Excellent verbal, written, and presentation communication skills. Ability to clearly articulate risk and provide actionable remediation guidance

Preferred

Bachelor's degree or higher, preferably in Cybersecurity or a closely related field, or an equivalent combination of education, training, and experience
Current, relevant professional certifications such as GPEN, GWAPT, GEVA, CEPT, OSCP, or OSCE are a plus
Prior experience in the healthcare, medical device, or bioscience sectors is a plus
Knowledge of the OWASP Top 10
Demonstrated knowledge of and skill in exploitation tactics including, but not limited to, buffer overflows, heap overflows, format string attacks, cross-site scripting, SQL injection, LFI and RFI, cross-site request forgery, server-side request forgery, XXE, pass-the-hash, ARP poisoning, Wi-Fi injection, phishing, credential harvesting, MitM, AP spoofing, brute forcing, etc.
Ability to demonstrate risk with post-exploitation tactics such as pivoting, data scavenging, privilege escalation, etc.
Familiarity with security concepts, e.g. best practices for protecting confidentiality, integrity, and availability (CIA), types of security controls, the CIS Critical Security Controls (formerly the CIS Top 20), risk management, risk analysis models, threat modeling, and the Common Vulnerability Scoring System (CVSS)
Familiarity with the Cyber Kill Chain and MITRE ATT&CK frameworks

Benefits

Market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity

Company

Intuitive

Intuitive designs and manufactures robotic-assisted surgical systems.

H1B Sponsorship

Intuitive has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. The information below is provided for reference (data powered by the US Department of Labor).

Trends of Total Sponsorships by year:
2025: 339
2024: 238
2023: 181
2022: 285
2021: 145
2020: 138

Funding

Current Stage
Public Company
Total Funding
$5M
Key Investors
St. Cloud Capital
2003-04-30 · Post-IPO equity
2000-06-23 · IPO
1996-01-01 · Seed · $5M

Leadership Team

Craig Child
Sr. Vice President, Human Resources
Gillian Duncan
Senior Vice President, Professional Education & Program Services - Worldwide
Company data provided by crunchbase