Senior Product Security Engineer - Vulnerability Management

Senior Product Security Engineer - Vulnerability Management

• Full-time
• Shift: Day
• Max. Salary Region 2: 230700 USD
• Max. Salary Region 1: 271400 USD
• Ways of Working:
  Onsite - This job is fully onsite.
• Employee Type:
  Employee
• Min. Salary Region 1: 188600 USD
• Global Job Level (HCM):
  Professional 4 (11)
• Min. Salary Region 2: 160300 USD

It started with a simple idea: what if surgery could be less invasive and recovery less painful? Nearly 30 years later, that question still fuels everything we do at Intuitive
. As a global leader in robotic-assisted surgery and minimally invasive care
, our technologies—like the da Vinci surgical system and Ion
—have transformed how care is delivered for millions of patients worldwide.

We’re a team of engineers, clinicians, and innovators united by one purpose: to make surgery smarter, safer, and more human. Every day, our work helps care teams perform with greater precision and patients recover faster, improving outcomes around the world.

The problems we solve demand creativity, rigor, and collaboration. The work is challenging, but deeply meaningful—because every improvement we make has the potential to change a life.

If you’re ready to contribute to something bigger than yourself and help transform the future of healthcare
, you’ll find your purpose here.

The Product Cybersecurity Team is responsible for the security lifecycle of medical devices, software products, infrastructure, cloud services, and IoMT solutions that generate, collect and analyze medical device machine data from thousands of systems deployed world-wide.

The ideal candidate for the position of Senior Product Security Engineer is an accomplished security engineer, with demonstrated experience in the secure design, development, and management of complex medical device applications and systems. The candidate has solid cybersecurity knowledge, comprising detailed understanding of cybersecurity threats, secure software design principles, secure coding practices and knowledge of cryptographic tools and libraries. The candidate can review product cybersecurity vulnerabilities;

can recommend improvements in security design, and can support remediation. The candidate routinely conducts threat modeling, vulnerability management, and product line security management activities.

This position requires a candidate with strong technical and interpersonal skills, the ability to work effectively and collaboratively with the business and peer Engineering teams to deliver high quality solutions that ensure patient safety.

• Own and operate the post-market vulnerability management lifecycle across Intuitive products and services, from intake through remediation and closure
• Perform and operationalize ongoing vulnerability scanning for internal and external assets, including medical devices, digital applications, infrastructure, cloud services, and IoMT solutions
• Manage monthly, quarterly, and annual vulnerability scans and penetration tests, including coordination with third‑party providers to meet regulatory and compliance requirements
• Define scan scope, rules of engagement, and schedules with external vendors to ensure coverage, quality, and on‑time delivery
• Analyze vulnerability findings to assess real‑world risk, prioritizing issues based on exploitability, exposure, patient safety, and business impact
• Review and synthesize results from scans and penetration tests, delivering clear, prioritized remediation guidance to engineering and product stakeholders
• Track remediation activities to completion, ensuring alignment with compliance obligations and internal risk acceptance criteria
• Maintain vulnerability inventories, repositories, and metrics to support ongoing reporting and audits
• Prepare and deliver vulnerability reports, dashboards, and technical risk evaluations for monthly, quarterly, and annual reviews
• Support risk‑based vulnerability assessments across the post‑market product portfolio
• Conduct ad‑hoc vulnerability scans and analyses in support of incident response, customer inquiries, and emerging threat activity
• Identify vulnerability trends and patterns to inform preventative controls and long‑term…