Senior Product Security Engineer

Remote Full-time
Career-defining. Life-changing.

At iRhythm, you’ll have the opportunity to grow your skills and your career while impacting the lives of people around the world. iRhythm is shaping a future where everyone, everywhere can access the best possible cardiac health solutions. Every day, we collaborate, create, and constantly reimagine what’s possible. We think big and move fast, driven by our commitment to put patients first and improve lives. We need builders like you. Curious and innovative problem solvers looking for the chance to meaningfully shape the future of cardiac health, our company, and your career

About This Role:
We are seeking a Senior Product Security Engineer with medical device experience who will ensure robust protection of patient data, device integrity, and regulatory compliance. In this role, you will partner with engineering, product management, regulatory, quality, and privacy teams to embed security across the product lifecycle, drive continuous improvement in alignment with FDA cybersecurity and product security requirements.

Key Responsibilities
FDA Cybersecurity Compliance: Ensure compliance with FDA cybersecurity guidance and regulations in collaboration with Cybersecurity, Regulatory, Quality, and Systems Development teams.
Risk Assessments & CSRAs: Conduct comprehensive security risk assessments, including Cybersecurity Risk Assessments (CSRAs), to identify vulnerabilities and threats across device hardware, firmware, software, and cloud components.
Threat Modeling: Develop and maintain device-specific cyber threat models, factoring in patient safety, data privacy, and operational continuity.
SBOM Management: Demonstrate familiarity with Software Bill of Materials (SBOM) and effectively communicate technical details.
Security Documentation: Create and maintain cybersecurity documentation for pre- and post-market activities, ensuring regulatory alignment.
Data Flow Diagrams: Produce detailed data flow diagrams to support the threat modeling process.
Security Design Reviews: Participate in design reviews of medical device architectures and implementations, providing actionable recommendations for system security requirements.
Vulnerability Analysis & Management: Perform and support vulnerability analysis and coordinate the vulnerability management program, including scanning, patching, and remediation for medical devices.
Threat Detection Tools: Leverage and maintain application and threat detection tools (Veracode, Snyk, GitLab, or equivalent) to identify security flaws early in the SDLC.
Incident Response: Support investigation and remediation of device-related security incidents, minimizing impact and preventing recurrence.
Data Privacy Compliance: Partner with the Privacy Team to ensure adherence to HIPAA, GDPR, and other data protection regulations.

Required Qualifications
Bachelor’s degree in Computer Science, Information Security, or related field.
6+ years of experience in information security, with direct focus on product security for medical devices.
Strong understanding of security principles, methodologies, and tools within the PDLC and SDLC.
Demonstrated experience conducting Cybersecurity Risk Assessments (CSRAs), vulnerability analysis, and working with modern threat detection tools (Veracode, Snyk, GitLab, or similar).
Familiarity with NIST Cybersecurity Framework, NIST SP 800-171, and deeper controls/frameworks such as NIST SP 800-53 (Security and Privacy Controls), NIST SP 800-92 (Log Management), and NIST SP 800-63 (Digital Identity Guidelines).
Hands-on experience with vulnerability identification and threat modeling within healthcare using methodologies such as STRIDE.
Experience operating in a regulated environment (FDA, HIPAA, GDPR, international regulatory frameworks).
Experience with medical device hardware or Software as a Medical Device (SaMD).
Experience with medical device software development and regulatory processes.
Excellent problem-solving, analytical, and communication skills, able to take a multi-siloed approach.
Ability to understand intro dependencies of teams across; mobile applications, hardware and cloud environments.
Demonstrated experience supporting 510(k) submissions, with a focus on product security documentation, risk assessments, and regulatory compliance.

Preferred Qualifications
Industry certifications such as CISSP, CISM, CISA, or medical device security–specific certifications.
Experience with international frameworks and standards (EU MDR, JIS T 2304 / IEC 62304).
Understanding penetration testing methodologies and tools, able to work with pen test teams independently with little guidance.
Proficiency with programming languages and technologies commonly used in medical device development.

Location:
Remote - US
Actual compensation may vary depending on job-related factors including knowledge, skills, experience, and work location.

Estimated Pay Range
$127,000.00 - $165,000.00
As a part of our core values, we ensure an inclusive workforce. We welcome and celebrate people of all backgrounds, experiences, skills, and perspectives. iRhythm Technologies, Inc. is an Equal Opportunity Employer. We will consider for employment all qualified applicants with arrest and conviction records in accordance with all applicable laws.

iRhythm provides reasonable accommodations for qualified individuals with disabilities in job application procedures, including those who may have any difficulty using our online system. If you need such an accommodation, you may contact us at [email protected]

About iRhythm Technologies
iRhythm is a leading digital healthcare company that creates trusted solutions that detect, predict, and prevent disease. Combining wearable biosensors and cloud-based data analytics with powerful proprietary algorithms, iRhythm distills data from millions of heartbeats into clinically actionable information. Through a relentless focus on patient care, iRhythm’s vision is to deliver better data, better insights, and better health for all.

Make iRhythm your path forward. Zio, the heart monitor that changed the game.

There have been instances where individuals not associated with iRhythm have impersonated iRhythm employees pretending to be involved in the iRhythm recruiting process, or created postings for positions that do not exist. Please note that all open positions will always be shown here on the iRhythm Careers page, and all communications regarding the application, interview and hiring process will come from a @irhythmtech.com email address. Please check any communications to be sure they come directly from @irhythmtech.com email address. If you believe you have been the victim of an imposter or want to confirm that the person you are communicating with is legitimate, please contact [email protected]. Written offers of employment will be extended in a formal offer letter from an @irhythmtech.com email address ONLY.

For more information, see https://www.ftc.gov/business-guidance/blog/2023/01/taking-ploy-out-employment-scams and https://www.ic3.gov/Media/Y2020/PSA200121

Apply To This Job
Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

Lead Product Manager, Platform & GEO Reporting

Remote

Experienced Data Entry Specialist for Online Live Chat Remote Position – Accurate and Efficient Data Management Professional for Blithequark

Remote

Cybersecurity Writer (Remote) | Eleven Writing | Remote (Worldwide)

Remote

Retail Store Associates and Stockers - 5202

Remote

Lead Cashier

Remote

Experienced Customer Service Representative – Remote Call Center Agent for Dynamic Team at arenaflex

Remote

Experienced Part-Time Customer Service Representative – Remote Career Opportunities in Customer Support and Service Delivery

Remote

Sr Analyst Pro & Services Reporting

Remote

**Experienced Data Entry Clerk - Energy Services Program Support | Remote Work Opportunity**

Remote

Experienced Bilingual Customer Service Representative – Exceptional Customer Experience at careerzynith

Remote
← Back