[Hiring] Staff Product Security Engineer @iRhythm Technologies, Inc.

Role Description

We are seeking a Staff Product Security Engineer with proven experience in the medical device industry. In this role, you will safeguard medical devices by identifying, assessing, and mitigating security risks unique to healthcare technology. You will collaborate with cybersecurity, systems development, product development, product management, and quality and regulatory teams to ensure that security is embedded across the product development lifecycle (PDLC) and the secure software development lifecycle (SDLC), in alignment with FDA cybersecurity requirements.

Key Responsibilities

• Cybersecurity Strategy & Leadership:
  • Provide senior-level cybersecurity leadership across product development, influencing secure design decisions at scale.
  • Drive adoption and continuous improvement of the Secure Product Development Framework (SPDF) and secure SDLC practices.
  • Translate complex cybersecurity risks into clear, actionable guidance for engineering and business stakeholders.
• Regulatory & Compliance:
  • Ensure compliance with FDA cybersecurity guidance (including Section 524B) and global data privacy regulations (HIPAA, GDPR) in partnership with Regulatory, Quality, Privacy, and Cybersecurity teams.
  • Develop and maintain cybersecurity documentation to support pre- and post-market regulatory requirements.
• Risk Management & Threat Modeling:
  • Lead and mature cybersecurity risk management practices, including threat modeling, Cybersecurity Risk Assessments (CSRAs), and security design reviews.
  • Develop and maintain threat models and data flow diagrams, incorporating considerations for patient safety, data privacy, and system integrity.
• Secure Architecture & Design:
  • Advise on and review secure architectures across embedded systems, applications, cloud, and IoMT platforms.
  • Participate in design reviews, providing actionable recommendations to strengthen system security requirements.
• Vulnerability & Security Operations:
  • Oversee vulnerability management programs, including detection, scanning, remediation, and coordinated disclosure (PSIRT).
  • Leverage application security and threat detection tools (e.g., Veracode, Snyk, GitLab) to identify and address vulnerabilities early in the SDLC.
  • Support incident response and post-market monitoring, driving root cause analysis and preventive actions.
• Software Supply Chain & SBOM:
  • Oversee SBOM management, third-party risk, and software supply chain security, ensuring transparency and risk mitigation across components.
• Cross-Functional Partnership:
  • Partner closely with Product, R&D, Quality, Regulatory, Privacy, and Cloud teams to embed security throughout the product lifecycle and ensure alignment across stakeholders.

Qualifications

• Bachelor’s degree in Computer Science, Information Security, or related field
• 12+ years of experience in product security or related cybersecurity roles
• Deep expertise in securing complex, software-driven and safety-critical systems
• Strong knowledge of secure design, threat modeling, vulnerability management, and SDLC practices
• Experience operating in regulated environments (FDA, HIPAA, GDPR)
• Familiarity with frameworks such as NIST, ISO 14971, IEC 62304, and related standards
• Proven ability to influence cross-functional teams and drive security outcomes
• Experience with medical devices, healthcare technology, or IoMT systems

Preferred Qualifications

• Professional certifications such as CISSP, CISM, CRISC
• Experience with CI/CD security tooling (SAST, DAST, SCA) and shift-left practices
• Familiarity with global regulatory standards (EU MDR, GDPR, ISO/IEC 81001-5-1)
• Experience supporting SBOM programs and PSIRT operations
• Understanding of penetration testing methodologies

Location

Remote - US

Estimated Pay Range

$151,000.00 - $196,000.00

Company Description

iRhythm is a leading digital healthcare company that creates trusted solutions that detect, predict, and prevent disease. Combining wearable biosensors and cloud-based data analytics with powerful proprietary algorithms, iRhythm distills data from millions of heartbeats into clinically actionable information. Through a relentless focus on patient care, iRhythm’s vision is to deliver better data, better insights, and better health for all.