Senior Product Security Engineer

Reports to: Director, Product Security

Department: Network Security | Location: Remote or Hybrid

Job Overview

You will collaborate across all Product Engineering teams and across the Company to build a secure SaaS platform and network that will enable surgeries to be performed remotely as part of normal healthcare operations. We are seeking a skilled Senior Product Security Engineer to work closely with our software engineering and product teams to ensure the security of our products throughout their lifecycle. In this role, you will support the implementation of secure development practices, threat modeling, architecture, design, vulnerability assessments and security verification, as well as driving the security standards for a variety of products and promoting a security-first culture within the organization.lifecycle—enabling life-saving care to be delivered virtually and globally.

Primary Responsibilities

Threat modeling: develop product specific threat models leveraging STRIDE or a similar methodology to break down complex connected infrastructure and provide cybersecurity requirements.
Apply risk management consistent with ISO 14971 medical device risk management in an ISO 13485 quality management system.
Work extensively with cross-functional development partners to design, implement and test cybersecurity requirements.
Security Design Reviews: collaborate with product and engineering teams to review designs, architecture, and implementations for security best practices.
Vulnerability Management: monitor, identify, and remediate security vulnerabilities in products; conduct regular security testing, including penetration testing and code reviews.
Incident Response: develop and maintain incident response plans, including investigation and remediation of security incidents.
Extensive experience with documentation and reporting: create detailed security documentation, including reports on vulnerabilities and remediation efforts, to inform stakeholders of risks and compliance.
Training and Awareness: develop and deliver training sessions to educate product teams on secure coding practices and emerging security threats.
Compliance: ensure that products comply with relevant security standards, regulations, and best practices (e.g., OWASP, NIST, GDPR, ISO 27001).
Other responsibilities as assigned.

Required Skills

The successful candidate will be a self-starter who is comfortable working in an entrepreneurial environment. Collaboration and contribution to a supportive team culture is essential. This person must have the desire and ability to work with many individuals across all aspects of the business. Start-up or small company experience is desired.

Education: Bachelor’s degree in Computer Science, Information Security, or a related field; relevant certifications (e.g., CISSP, CEH, OSCP) are a plus.
Experience: 6+ years of experience in product security, application security, or a related field.
Experience in application security for a healthcare platform.
Experience with penetration testing and evaluating TLS implementations.
Technical Skills: strong understanding of security principles, secure coding practices, familiarity with security tools and technologies (e.g., static/dynamic analysis, fuzz testing).
Analytical Skills: excellent problem-solving abilities with a keen attention to detail; ability to analyze complex systems and identify potential security issues.
Communication: Strong verbal and written communication skills; ability to convey technical information to non-technical stakeholders.
Team Player: collaborative mindset with a willingness to work cross-functionally within the organization.

Preferred Qualifications

Extensive experience with cloud security, Kubernetes, MQTT and DevSecOps practices.
Familiarity with various programming languages and frameworks (e.g., C#, Ruby/Rails, Go, C/C++ and JavaScript).
Understanding of network security protocols and architecture (TLS, PKI, key management, TPM, CVSS)
Previous experience with regulated medical devices and regulatory compliance

Why Join Sovato?

Shape the future of surgery by enabling remote access to life-saving care.
Be part of a pioneering team at the intersection of healthcare and technology.
Competitive compensation and benefits package, including medical, dental, vision coverage, and travel opportunities.

Job Overview

Primary Responsibilities

Threat modeling: develop product specific threat models leveraging STRIDE or a similar methodology to break down complex connected infrastructure and provide cybersecurity requirements.
Apply risk management consistent with ISO 14971 medical device risk management in an ISO 13485 quality management system.
Work extensively with cross-functional development partners to design, implement and test cybersecurity requirements.
Security Design Reviews: collaborate with product and engineering teams to review designs, architecture, and implementations for security best practices.
Vulnerability Management: monitor, identify, and remediate security vulnerabilities in products; conduct regular security testing, including penetration testing and code reviews.
Incident Response: develop and maintain incident response plans, including investigation and remediation of security incidents.
Extensive experience with documentation and reporting: create detailed security documentation, including reports on vulnerabilities and remediation efforts, to inform stakeholders of risks and compliance.
Training and Awareness: develop and deliver training sessions to educate product teams on secure coding practices and emerging security threats.
Compliance: ensure that products comply with relevant security standards, regulations, and best practices (e.g., OWASP, NIST, GDPR, ISO 27001).
Other responsibilities as assigned.

Required Skills

Education: Bachelor’s degree in Computer Science, Information Security, or a related field; relevant certifications (e.g., CISSP, CEH, OSCP) are a plus.
Experience: 6+ years of experience in product security, application security, or a related field.
Experience in application security for a healthcare platform.
Experience with penetration testing and evaluating TLS implementations.
Technical Skills: strong understanding of security principles, secure coding practices, familiarity with security tools and technologies (e.g., static/dynamic analysis, fuzz testing).
Analytical Skills: excellent problem-solving abilities with a keen attention to detail; ability to analyze complex systems and identify potential security issues.
Communication: Strong verbal and written communication skills; ability to convey technical information to non-technical stakeholders.
Team Player: collaborative mindset with a willingness to work cross-functionally within the organization.

Preferred Qualifications

Extensive experience with cloud security, Kubernetes, MQTT and DevSecOps practices.
Familiarity with various programming languages and frameworks (e.g., C#, Ruby/Rails, Go, C/C++ and JavaScript).
Understanding of network security protocols and architecture (TLS, PKI, key management, TPM, CVSS)
Previous experience with regulated medical devices and regulatory compliance

Why Join Sovato?

Shape the future of surgery by enabling remote access to life-saving care.
Be part of a pioneering team at the intersection of healthcare and technology.
Competitive compensation and benefits package, including medical, dental, vision coverage, and travel opportunities.

Job Overview

As a Production Engineer at Sovato, you are the guardian of the hardware and infrastructure that makes remote surgery possible. This is a high-impact, hands-on role where you will design, implement, and optimize the assembly of our specialized network products.

You will manage the full lifecycle of our product portfolio—from initial inventory and kitting to complex configuration and field deployment. Based at our Goleta headquarters, you will work cross-functionally to ensure that every system leaving our facility is a masterpiece of reliability, precision, and clinical readiness.

Primary Responsibilities

Production & Site Development

Kit Solutions: Lead the configuration and testing of product kits designed for critical surgical environments.
Process Optimization: Design and refine production workflows to improve scalability, reduce errors, and ensure rapid deployment.
Validation & Testing: Execute rigorous testing and labeling protocols to verify that all hardware meets Sovato’s strict performance standards.
Lifecycle Logistics: Oversee inventory management and coordinate the secure delivery of systems to global customer sites.
Documentation: Author and maintain production artifacts, Work Instructions, and tracking logs to ensure a traceable and compliant equipment history.

Technical Support & Strategic Collaboration

High-Stakes Support: Provide empathetic, expert technical support for customers, ensuring any field issues are resolved with minimal downtime.
Cross-Functional Feedback: Collaborate with the NOC, Engineering, and Product teams to turn field data into product improvements.
Operational Excellence: Contribute to technical knowledge bases and playbooks to standardize our global deployment strategy.

Qualifications & Skills

Professional Background

Education: Bachelor’s degree in Engineering, Computer Science, or a related technical discipline.
Experience: 2+ years of production engineering experience, ideally within a regulated or high-reliability industry (e.g., MedTech, Aerospace, or Networking).

Technical

Network Infrastructure: Proficiency in network configuration, management, and troubleshooting.
Security Hardware: Hands-on experience with firewalls and security appliances (specifically FortiGate).
Process Mindset: A strong understanding of how to build repeatable, scalable production processes for hardware.

Professional Attributes

Meticulous Detail: A deep commitment to accuracy; in surgery, the "small things" are the big things.
Communication: Ability to distill complex networking concepts into clear instructions for diverse stakeholders.
Adaptability: A self-starter who thrives in a fast-paced startup environment and can work effectively with distributed teams.

Physical & Travel Requirements

Field Readiness: Ability to lift and install equipment (up to 50 lbs), climb ladders, and work in diverse field environments.
Mobility: Willingness to travel up to 25% for deployments and onsite support, including international travel.

Why Join Sovato?

Shape the future of surgery by enabling remote access to life-saving care.
Be part of a pioneering team at the intersection of healthcare and technology.
Competitive compensation and benefits package, including medical, dental, vision coverage, and travel opportunities.

Environmental Conditions
Sovato is an equal opportunity employer & prohibits unlawful discrimination based on race, color, religion, gender, sexual orientation, gender identity/expression, national origin/ancestry, age, disability, marital & veteran status. Because being on a Sovato product team requires visits to health care providers, some vaccinations may be required to fulfill your work here.

About Sovato
Sovato is a team of healthcare leaders, innovators, and clinicians passionate about shaping the future of surgery. We are fueled by a profound mission to create unprecedented access to high-quality surgical care, delivering scarce surgical resources to new markets and new patients—transcending the geographic boundaries that exist with surgery today.

Advancements in enabling technology, such as robotic surgical systems, virtual care, and the global telecommunication infrastructure, offer a unique moment in time to deliver remote robotic surgery. For patients, remote surgery creates ample access to the right surgeon, the right care and at an affordable price, driving consumer choice and decreasing the need for travel and delayed care. For healthcare systems and organizations, Sovato offers a novel solution to optimize clinical capacity, capture new surgical revenue, and create greater access to high-quality surgical care for all.

Remote surgery will forever change how surgery is received, delivered, and accessed. Our comprehensive solution brings together the people, systems, tools, and data in an integrated ecosystem––addressing the full scale of requirements to ensure a safe, scalable, and sustainable remote surgery program. The Sovato platform will manage every facet of the surgical journey from coordination, communication, connectivity, and system integrations when the patient is not in the same location as the surgeon––from the point of referral to surgery all the way through post-op care. Sovato offers a competitive benefit package including medical, dental and vision coverage and a 401k.