Salary Range
$51,000 - $69,000 /year
Estimated: This salary is estimated based on similar roles. The actual salary may vary.
Primary Function:
The Product Cybersecurity Team is responsible for the security lifecycle of medical devices, software products, infrastructure, cloud services, and IoMT solutions that generate, collect and analyze medical device machine data from thousands of systems deployed world-wide.
The ideal candidate for the position of Product Security Engineer III is an accomplished security engineer, with demonstrated experience in the secure design, development, and management of complex medical device applications and systems. The candidate has solid cybersecurity knowledge, comprising detailed understanding of cybersecurity threats, secure software design principles, secure coding practices and knowledge of cryptographic tools and libraries. The candidate can review product cybersecurity vulnerabilities, recommend improvements in security design, and support remediation. The candidate routinely conducts threat modeling, vulnerability management, and product line security management activities.
This position requires a candidate with strong technical and interpersonal skills, the ability to work effectively and collaboratively with the business and peer Engineering teams to deliver high quality solutions that ensure patient safety.
Roles & Responsibilities:
Product Security (20%)
• Assist product teams with defining and shaping Product Security strategy.
• Provide cybersecurity guidance and recommendations to Program & Product teams.
• Provide teams with technical security guidance as part of developing a product marketing strategy.
• Perform Product Security resource management in support of Intuitive product programs/projects.
• Where necessary, support third-party vendor oversight in support of program/project-related Product Security activities.
• Provide Product Cybersecurity support & recommendations to product road-mapping activities.
• Support communication of product cybersecurity strategy as an element of overall product strategy.
• Assist in Product Security Incident Response Team (PSIRT) analysis & response.
Risk Management (20%)
• Ensure that product cybersecurity risk meets product risk acceptance objectives.
• Provide product cybersecurity risk management guidance and expertise to projects, peers or external inquiries.
• Design, implement and maintain common product cybersecurity risk registers.
• Implement, review, and assess the results of product cybersecurity risk assessments for both internal and third-party systems and components.
• Recommend, document, and monitor the implementation of any corrective actions resulting from product cybersecurity risk assessments.
• Perform product cybersecurity risk analysis and risk management for compliance-based initiatives.
• Research new trends in cybersecurity risk management, standards, technologies and framework revisions.
SDLC And Product Delivery (15%)
• Assist in leading and overseeing product cybersecurity Secure Product Development Framework (SPDF) and Software Development Lifecycle (SDLC) practices.
• Gather and review product cybersecurity compliance requirements as a component of Security by Design initiatives.
• Assess product cybersecurity as a component of product designs and architectures.
• Prescribe and evaluate secure coding standards as a component of SPDF and SDLC.
• Support product cybersecurity testing and remediation as a component of SPDF and SDLC.
• Through review of Software Bill of Materials (SBOM), Software of Unknown Provenance (SOUP) and security tools environments, assess third-party component security as an element of overall product cybersecurity posture.
• Perform hardware, software, and application cybersecurity threat modeling.
Vulnerability Assessment & Penetration Testing (10%)
• Support development, communication, and execution of vulnerability scanning, secure code review, and penetration testing plans.
• Support scoping engagements and contribute to Statements of Work for external assessment activities.
• Provide hands-on support and expertise to ongoing vulnerability assessment and penetration testing activities.
• Analyze and present findings and/or remediation guidance associated with vulnerability assessment activities.
Security Engineering (10%)
• Support product teams with guidance and recommendations for infrastructure security design.
• Perform vulnerability assessments as required.
• Support hardening of systems to meet product cybersecurity and cyber resilience requirements.
• Provide guidance and recommendations in evaluation of new security products and solutions.
Architecture And Design (10%)
• Determine applicable security requirements and security controls as a component of security design.
• Perform vulnerability analysis and risk assessments of product and system architectures.
• Develop product cybersecurity reports, supporting compliance audits and security assessments.
• Develop and maintain product cybersecurity architecture diagrams & design documents.
• Remain current on the evolving landscape of product cybersecurity frameworks, methodologies, and procedures.