STEM OPT Product Security Engineer Jobs
Product Security Engineer roles qualify for STEM OPT because they require a STEM degree in computer science, cybersecurity, or a related field. Your employer must be enrolled in E-Verify, and the 24-month STEM OPT extension gives you up to 36 months total to build experience in threat modeling, secure design, and vulnerability management before pursuing H-1B sponsorship.
See All Product Security Engineer JobsOverview
Showing 5 of 81+ Product Security Engineer jobs
Have you applied for this role?
Have you applied for this role?
Have you applied for this role?
Have you applied for this role?
Have you applied for this role?
See all 81+ Product Security Engineer jobs
Sign up for free to unlock all listings, filter by visa type, and get alerts for new Product Security Engineer roles.
Get Access To All JobsCOMPANY DESCRIPTION
It started with a simple idea: what if surgery could be less invasive and recovery less painful? Nearly 30 years later, that question still fuels everything we do at Intuitive. As a global leader in robotic-assisted surgery and minimally invasive care, our technologies—like the da Vinci surgical system and Ion—have transformed how care is delivered for millions of patients worldwide.
We’re a team of engineers, clinicians, and innovators united by one purpose: to make surgery smarter, safer, and more human. Every day, our work helps care teams perform with greater precision and patients recover faster, improving outcomes around the world.
The problems we solve demand creativity, rigor, and collaboration. The work is challenging, but deeply meaningful—because every improvement we make has the potential to change a life.
If you’re ready to contribute to something bigger than yourself and help transform the future of healthcare, you’ll find your purpose here.
JOB DESCRIPTION
Primary Function:
The Product Cybersecurity Team is responsible for the security lifecycle of medical devices, software products, infrastructure, cloud services, and IoMT solutions that generate, collect and analyze medical device machine data from thousands of systems deployed world-wide.
The ideal candidate for the position of Product Security Engineer III is an accomplished security engineer, with demonstrated experience in the secure design, development, and management of complex medical device applications and systems. The candidate has solid cybersecurity knowledge, comprising detailed understanding of cybersecurity threats, secure software design principles, secure coding practices and knowledge of cryptographic tools and libraries. The candidate can review product cybersecurity vulnerabilities; can recommend improvements in security design, and can support remediation. The candidate routinely conducts threat modeling, vulnerability management, and product line security management activities.
This position requires a candidate with strong technical and interpersonal skills, the ability to work effectively and collaboratively with the business and peer Engineering teams to deliver high quality solutions that ensure patient safety.
ROLES & RESPONSIBILITIES:
Product Security (20%)
- Assist product teams with defining and shaping Product Security strategy.
- Provide cybersecurity guidance and recommendation to Program & Product teams.
- Provide teams with technical security guidance as part of developing a product marketing strategy.
- Perform Product Security resource management in support of Intuitive product programs/projects.
- Where necessary, support third-party vendor oversight in support of program/project-related Product Security activities.
- Provide Product Cybersecurity support & recommendation to product road-mapping activities.
- Support communication of product cybersecurity strategy as an element of overall product strategy.
- Assist in Product Security Incident Response Team (PSIRT) analysis & response.
Risk Management (20%)
- Ensure that product cybersecurity risk meets product risk acceptance objectives.
- Provide product cybersecurity risk management guidance and expertise to projects, peers or external inquiries.
- Design, implement and maintain common product cybersecurity risk registers.
- Implement, review, and assess the results of product cybersecurity risk assessments for both internal and third-party systems and components.
- Recommend, document, and monitor the implementation of any corrective actions resulting from product cybersecurity risk assessments.
- Perform product cybersecurity risk analysis and risk management for compliance-based initiatives.
- Research new trends in cybersecurity risk management, standards, technologies and framework revisions.
SDLC And Product Delivery (15%)
- Assist in leading and overseeing product cybersecurity Secure Product Development Framework (SPDF) and Software Development Lifecycle (SDLC) practices.
- Gather and review product cybersecurity compliance requirements as a component of Security by Design initiatives.
- Assess product cybersecurity as a component of product designs and architectures.
- Prescribe and evaluate secure coding standards as a component of SPDF and SDLC.
- Support product cybersecurity testing and remediation as a component of SPDF and SDLC.
- Through review of Software Bill of Material (SBOM), Software of Unknown Provenance (SOUP) and security tools environments, assess third-party component security as an element of overall product cybersecurity posture.
- Perform hardware, software, and application cybersecurity threat modeling.
Vulnerability Assessment & Penetration Testing (10%)
- Support development, communication, and execution of vulnerability scanning, secure code review, and penetration testing plans.
- Support scoping engagements and contribute to Statements of Work for external assessment activities.
- Provide hands-on support and expertise to ongoing vulnerability assessment and penetration testing activities.
- Analyze and present findings and/or remediation guidance associated with vulnerability assessment activities.
Security Engineering (10%)
- Support product teams with guidance and recommendations for infrastructure security design.
- Perform vulnerability assessments as required.
- Support hardening of systems to meet product cybersecurity and cyber resilience requirements.
- Provide guidance and recommendations in evaluation of new security products and solutions.
Architecture And Design (10%)
- Determine applicable security requirements and security controls as a component of security design.
- Perform vulnerability analysis and risk assessments of product and system architectures.
- Develop product cybersecurity reports, supporting compliance audits and security assessments.
- Develop and maintain product cybersecurity architecture diagrams & design documents.
- Remain current on the evolving landscape of product cybersecurity frameworks, methodologies, and procedures.
QUALIFICATIONS
Skills, Experience, Education, and Training:
- Bachelor’s degree in Computer Science, Computer Security, or relevant discipline
- 4+ years of experience
- Passion for understanding and researching new vulnerabilities and exploitation techniques
- Proficient in complex network design (firewalls, load-balancing, TLS, switching and routing)
- Practical knowledge of OWASP Top Ten, how to discover, triage, verify and resolve the issues
- Knowledge of common security flaws and resolution as published by SANS, CWE, CVE, CVSS etc.
- Understanding of application threat modeling, secure coding principles and SDLC security best practices
- Demonstrated knowledge of TCP/IP, SSL/TLS, HTTP, switching and routing, Windows & Linux OS, Relational SQL databases
- Demonstrated experience with security tools (Splunk, Syslog, Nessus, nMap, Metasploit, Nexpose, Nessus, Coverity, Checkmarx, et al).
- CISSP, GCIA, GIAC, GISF, GSEC, SSCP, OSCP, OSWE or equivalent certification preferred.
- Hands-on engineering experience with proven ability to work well in a team environment
- Strong analytic skills as proven by a track record of analyzing and fixing complex problems in products and processes.
- Demonstrated good judgment in the presence of competing priorities and incomplete data; proven ability to make difficult trade-offs with good judgment.
- Travel: <10%
ADDITIONAL INFORMATION
Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19. Details can vary by role.
Intuitive is an Equal Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws.
U.S. Export Controls Disclaimer: In accordance with the U.S. Export Administration Regulations (15 CFR §743.13(b)), some roles at Intuitive Surgical may be subject to U.S. export controls for prospective employees who are nationals from countries currently on embargo or sanctions status.
Certain information you provide as part of the application will be used for purposes of determining whether Intuitive Surgical will need to (i) obtain an export license from the U.S. Government on your behalf (note: the government’s licensing process can take 3 to 6+ months) or (ii) implement a Technology Control Plan (“TCP”) (note: typically adds 2 weeks to the hiring process).
For any Intuitive role subject to export controls, final offers are contingent upon obtaining an approved export license and/or an executed TCP prior to the prospective employee’s start date, which may or may not be flexible, and within a timeframe that does not unreasonably impede the hiring need. If applicable, candidates will be notified and instructed on any requirements for these purposes.
We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.
Preference will be given to qualified candidates who do not reside, or plan to reside, in Alabama, Arkansas, Delaware, Florida, Indiana, Iowa, Louisiana, Maryland, Mississippi, Missouri, Oklahoma, Pennsylvania, South Carolina, or Tennessee.
This position may be filled at a different job level than listed here depending on business need and/or on the selected candidate’s experience, knowledge and skills. Compensation will be based primarily on the job level at which the role is filled and the candidate’s qualifications, consistent with applicable law.
We provide market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity. It would not be typical for someone to be hired at the top end of range for the role, as actual pay will be determined based on several factors, including experience, skills, and qualifications. The target compensation ranges are listed.
COMPANY DESCRIPTION
It started with a simple idea: what if surgery could be less invasive and recovery less painful? Nearly 30 years later, that question still fuels everything we do at Intuitive. As a global leader in robotic-assisted surgery and minimally invasive care, our technologies—like the da Vinci surgical system and Ion—have transformed how care is delivered for millions of patients worldwide.
We’re a team of engineers, clinicians, and innovators united by one purpose: to make surgery smarter, safer, and more human. Every day, our work helps care teams perform with greater precision and patients recover faster, improving outcomes around the world.
The problems we solve demand creativity, rigor, and collaboration. The work is challenging, but deeply meaningful—because every improvement we make has the potential to change a life.
If you’re ready to contribute to something bigger than yourself and help transform the future of healthcare, you’ll find your purpose here.
JOB DESCRIPTION
Primary Function:
The Product Cybersecurity Team is responsible for the security lifecycle of medical devices, software products, infrastructure, cloud services, and IoMT solutions that generate, collect and analyze medical device machine data from thousands of systems deployed world-wide.
The ideal candidate for the position of Product Security Engineer III is an accomplished security engineer, with demonstrated experience in the secure design, development, and management of complex medical device applications and systems. The candidate has solid cybersecurity knowledge, comprising detailed understanding of cybersecurity threats, secure software design principles, secure coding practices and knowledge of cryptographic tools and libraries. The candidate can review product cybersecurity vulnerabilities; can recommend improvements in security design, and can support remediation. The candidate routinely conducts threat modeling, vulnerability management, and product line security management activities.
This position requires a candidate with strong technical and interpersonal skills, the ability to work effectively and collaboratively with the business and peer Engineering teams to deliver high quality solutions that ensure patient safety.
ROLES & RESPONSIBILITIES:
Product Security (20%)
- Assist product teams with defining and shaping Product Security strategy.
- Provide cybersecurity guidance and recommendation to Program & Product teams.
- Provide teams with technical security guidance as part of developing a product marketing strategy.
- Perform Product Security resource management in support of Intuitive product programs/projects.
- Where necessary, support third-party vendor oversight in support of program/project-related Product Security activities.
- Provide Product Cybersecurity support & recommendation to product road-mapping activities.
- Support communication of product cybersecurity strategy as an element of overall product strategy.
- Assist in Product Security Incident Response Team (PSIRT) analysis & response.
Risk Management (20%)
- Ensure that product cybersecurity risk meets product risk acceptance objectives.
- Provide product cybersecurity risk management guidance and expertise to projects, peers or external inquiries.
- Design, implement and maintain common product cybersecurity risk registers.
- Implement, review, and assess the results of product cybersecurity risk assessments for both internal and third-party systems and components.
- Recommend, document, and monitor the implementation of any corrective actions resulting from product cybersecurity risk assessments.
- Perform product cybersecurity risk analysis and risk management for compliance-based initiatives.
- Research new trends in cybersecurity risk management, standards, technologies and framework revisions.
SDLC And Product Delivery (15%)
- Assist in leading and overseeing product cybersecurity Secure Product Development Framework (SPDF) and Software Development Lifecycle (SDLC) practices.
- Gather and review product cybersecurity compliance requirements as a component of Security by Design initiatives.
- Assess product cybersecurity as a component of product designs and architectures.
- Prescribe and evaluate secure coding standards as a component of SPDF and SDLC.
- Support product cybersecurity testing and remediation as a component of SPDF and SDLC.
- Through review of Software Bill of Material (SBOM), Software of Unknown Provenance (SOUP) and security tools environments, assess third-party component security as an element of overall product cybersecurity posture.
- Perform hardware, software, and application cybersecurity threat modeling.
Vulnerability Assessment & Penetration Testing (10%)
- Support development, communication, and execution of vulnerability scanning, secure code review, and penetration testing plans.
- Support scoping engagements and contribute to Statements of Work for external assessment activities.
- Provide hands-on support and expertise to ongoing vulnerability assessment and penetration testing activities.
- Analyze and present findings and/or remediation guidance associated with vulnerability assessment activities.
Security Engineering (10%)
- Support product teams with guidance and recommendations for infrastructure security design.
- Perform vulnerability assessments as required.
- Support hardening of systems to meet product cybersecurity and cyber resilience requirements.
- Provide guidance and recommendations in evaluation of new security products and solutions.
Architecture And Design (10%)
- Determine applicable security requirements and security controls as a component of security design.
- Perform vulnerability analysis and risk assessments of product and system architectures.
- Develop product cybersecurity reports, supporting compliance audits and security assessments.
- Develop and maintain product cybersecurity architecture diagrams & design documents.
- Remain current on the evolving landscape of product cybersecurity frameworks, methodologies, and procedures.
QUALIFICATIONS
Skills, Experience, Education, and Training:
- Bachelor’s degree in Computer Science, Computer Security, or relevant discipline
- 4+ years of experience
- Passion for understanding and researching new vulnerabilities and exploitation techniques
- Proficient in complex network design (firewalls, load-balancing, TLS, switching and routing)
- Practical knowledge of OWASP Top Ten, how to discover, triage, verify and resolve the issues
- Knowledge of common security flaws and resolution as published by SANS, CWE, CVE, CVSS etc.
- Understanding of application threat modeling, secure coding principles and SDLC security best practices
- Demonstrated knowledge of TCP/IP, SSL/TLS, HTTP, switching and routing, Windows & Linux OS, Relational SQL databases
- Demonstrated experience with security tools (Splunk, Syslog, Nessus, nMap, Metasploit, Nexpose, Nessus, Coverity, Checkmarx, et al).
- CISSP, GCIA, GIAC, GISF, GSEC, SSCP, OSCP, OSWE or equivalent certification preferred.
- Hands-on engineering experience with proven ability to work well in a team environment
- Strong analytic skills as proven by a track record of analyzing and fixing complex problems in products and processes.
- Demonstrated good judgment in the presence of competing priorities and incomplete data; proven ability to make difficult trade-offs with good judgment.
- Travel: <10%
ADDITIONAL INFORMATION
Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19. Details can vary by role.
Intuitive is an Equal Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws.
U.S. Export Controls Disclaimer: In accordance with the U.S. Export Administration Regulations (15 CFR §743.13(b)), some roles at Intuitive Surgical may be subject to U.S. export controls for prospective employees who are nationals from countries currently on embargo or sanctions status.
Certain information you provide as part of the application will be used for purposes of determining whether Intuitive Surgical will need to (i) obtain an export license from the U.S. Government on your behalf (note: the government’s licensing process can take 3 to 6+ months) or (ii) implement a Technology Control Plan (“TCP”) (note: typically adds 2 weeks to the hiring process).
For any Intuitive role subject to export controls, final offers are contingent upon obtaining an approved export license and/or an executed TCP prior to the prospective employee’s start date, which may or may not be flexible, and within a timeframe that does not unreasonably impede the hiring need. If applicable, candidates will be notified and instructed on any requirements for these purposes.
We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.
Preference will be given to qualified candidates who do not reside, or plan to reside, in Alabama, Arkansas, Delaware, Florida, Indiana, Iowa, Louisiana, Maryland, Mississippi, Missouri, Oklahoma, Pennsylvania, South Carolina, or Tennessee.
This position may be filled at a different job level than listed here depending on business need and/or on the selected candidate’s experience, knowledge and skills. Compensation will be based primarily on the job level at which the role is filled and the candidate’s qualifications, consistent with applicable law.
We provide market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity. It would not be typical for someone to be hired at the top end of range for the role, as actual pay will be determined based on several factors, including experience, skills, and qualifications. The target compensation ranges are listed.
See all 81+ Product Security Engineer jobs
Sign up for free to unlock all listings, filter by visa type, and get alerts for new Product Security Engineer roles.
Get Access To All JobsTips for Finding STEM OPT Authorization as a Product Security Engineer
Verify your CIP code matches security
Check that your degree's Classification of Instructional Programs code falls under an approved STEM category. Computer Science (11.07xx), Information Security (11.1003), or Electrical Engineering (14.10xx) codes all support Product Security Engineer roles. Confirm with your DSO before applying.
Filter job postings by E-Verify status
Before you apply, confirm the employer is enrolled in E-Verify by searching the E-Verify employer search tool directly. Many security-focused employers at defense contractors and financial institutions are enrolled, but startup-stage companies often are not yet.
Build a threat modeling portfolio before interviewing
Product Security Engineer roles require hands-on evidence of secure design work. Document STRIDE or PASTA threat models from coursework or open-source projects. Hiring managers at product companies evaluate these artifacts directly during technical screens.
Use Migrate Mate to target verified sponsors
Search Migrate Mate to find Product Security Engineer roles at employers with active H-1B and STEM OPT filing history. Filtering by E-Verify enrollment and prior sponsorship activity narrows your list to companies already familiar with the I-983 training plan process.
Negotiate your I-983 training plan scope early
Raise the I-983 training plan in the offer stage, not after you start. The plan must list your learning objectives, supervision structure, and how the role ties to your STEM degree. Getting alignment before your start date avoids delays in your DSO's approval.
Product Security Engineer jobs are hiring across the US. Find yours.
Find Product Security Engineer JobsFrequently Asked Questions
Does a cybersecurity or information security degree qualify for STEM OPT in a Product Security Engineer role?
Yes. Degrees in cybersecurity, information security, computer science, electrical engineering, and related STEM fields qualify, provided your degree's CIP code appears on the DHS STEM Designated Degree Program List. Confirm the exact CIP code on your transcript with your DSO before you submit the STEM OPT extension request, since the code on record determines eligibility, not the degree title alone.
What does the I-983 training plan need to include for a Product Security Engineer position?
The I-983 must describe how your day-to-day work as a Product Security Engineer connects to your STEM degree. That means listing specific learning objectives such as threat modeling, vulnerability assessment, or secure development lifecycle practices, identifying your direct supervisor, and explaining how the employer will provide oversight. USCIS and ICE both review these plans during compliance checks, so vague or template language creates risk for you and your employer.
How do I confirm a company hiring Product Security Engineers is enrolled in E-Verify?
Use the E-Verify employer search tool to look up the company by name or location before you apply. E-Verify enrollment is a hard requirement for STEM OPT employers. If a company does not appear in the search results, your DSO cannot approve the training plan, and your STEM OPT extension cannot begin at that employer regardless of the job offer.
Where can I find Product Security Engineer jobs where employers already understand STEM OPT requirements?
Migrate Mate lists Product Security Engineer roles filtered by employers with documented H-1B and STEM OPT sponsorship history. Targeting companies that have already filed LCAs for security engineering roles reduces the back-and-forth of explaining E-Verify enrollment and I-983 obligations to HR teams encountering OPT for the first time.
What happens to my STEM OPT authorization if my H-1B is selected in the lottery but my EAD expires before October 1?
Cap-gap protection extends your work authorization automatically if your OPT EAD expires between April 1 and September 30 and your employer filed an H-1B petition before that expiration date. You can continue working as a Product Security Engineer through September 30 under cap-gap. Your employer must file the I-129 on time, and your cap-gap period does not require a new EAD card.
See which Product Security Engineer employers are hiring and sponsoring visas right now.
Search Product Security Engineer Jobs