
Staff Product Security Engineer

Work from home Full-time role Hiring

Career-defining. Life-changing. At iRhythm, you’ll have the opportunity to grow your skills and your career while impacting the lives of people around the world. iRhythm is shaping a future where everyone, everywhere can access the best possible cardiac health solutions. Every day, we collaborate, create, and constantly reimagine what’s possible. We think big and move fast, driven by our commitment to put patients first and improve lives. We need builders like you. Curious and innovative problem solvers looking for the chance to meaningfully shape the future of cardiac health, our company, and your career.

About This Role

We are seeking a Staff Product Security Engineer with proven experience in the medical device industry. In this role, you will safeguard medical devices by identifying, assessing, and mitigating security risks unique to healthcare technology. You will collaborate with cybersecurity, systems development, product development, product management, and quality and regulatory teams to ensure that security is embedded across the product development lifecycle (PDLC) and the secure software development lifecycle (SDLC), in alignment with FDA cybersecurity requirements.

Key Responsibilities

Cybersecurity Strategy & Leadership
- Provide senior-level cybersecurity leadership across product development, influencing secure design decisions at scale.
- Drive adoption and continuous improvement of the Secure Product Development Framework (SPDF) and secure SDLC practices.
- Translate complex cybersecurity risks into clear, actionable guidance for engineering and business stakeholders.

Regulatory & Compliance
- Ensure compliance with FDA cybersecurity guidance (including Section 524B) and global data privacy regulations (HIPAA, GDPR) in partnership with Regulatory, Quality, Privacy, and Cybersecurity teams.
- Develop and maintain cybersecurity documentation to support pre- and post-market regulatory requirements.

Risk Management & Threat Modeling
- Lead and mature cybersecurity risk management practices, including threat modeling, Cybersecurity Risk Assessments (CSRAs), and security design reviews.
- Develop and maintain threat models and data flow diagrams, incorporating considerations for patient safety, data privacy, and system integrity.

Secure Architecture & Design
- Advise on and review secure architectures across embedded systems, applications, cloud, and IoMT platforms.
- Participate in design reviews, providing actionable recommendations to strengthen system security requirements.

Vulnerability & Security Operations
- Oversee vulnerability management programs, including detection, scanning, remediation, and coordinated disclosure (PSIRT).
- Leverage application security and threat detection tools (e.g., Veracode, Snyk, GitLab) to identify and address vulnerabilities early in the SDLC.
- Support incident response and post-market monitoring, driving root cause analysis and preventive actions.

Software Supply Chain & SBOM
- Oversee SBOM management, third-party risk, and software supply chain security, ensuring transparency and risk mitigation across components.

Cross-Functional Partnership
- Partner closely with Product, R&D, Quality, Regulatory, Privacy, and Cloud teams to embed security throughout the product lifecycle and ensure alignment across stakeholders.

Required Qualifications

- Bachelor’s degree in Computer Science, Information Security, or related field
- 12+ years of experience in product security or related cybersecurity roles
- Deep expertise in securing complex, software-driven and safety-critical systems
- Strong knowledge of secure design, threat modeling, vulnerability management, and SDLC practices
- Experience operating in regulated environments (FDA, HIPAA, GDPR)
- Familiarity with frameworks such as NIST, ISO 14971, IEC 62304, and related standards
- Proven ability to influence cross-functional teams and drive security outcomes
- Experience with medical devices, healthcare technology, or IoMT systems

Preferred Qualifications

- Professional certifications such as CISSP, CISM, CRISC
- Experience with CI/CD security tooling (SAST, DAST, SCA) and shift-left practices
- Familiarity with global regulatory standards (EU MDR, GDPR, ISO/IEC 81001-5-1)
- Experience supporting SBOM programs and PSIRT operations
- Understanding of penetration testing methodologies

Location: Remote - US

Actual compensation may vary depending on job-related factors including knowledge, skills, experience, and work location.

Estimated Pay Range: $151,000.00 - $196,000.00

As a part of our core values, we ensure an inclusive workforce. We welcome and celebrate people of all backgrounds, experiences, skills, and perspectives. iRhythm Technologies, Inc. is an Equal Opportunity Employer. We will consider for employment all qualified applicants with arrest and conviction records in accordance with all applicable laws. iRhythm provides reasonable accommodations for qualified individuals with disabilities in job application procedures, including those who may have any difficulty using our online system. If you need such an accommodation, you may contact us at [email protected]

About iRhythm Technologies

iRhythm is a leading digital healthcare company that creates trusted solutions that detect, predict, and prevent disease. Combining wearable biosensors and cloud-based data analytics with powerful proprietary algorithms, iRhythm distills data from millions of heartbeats into clinically actionable information. Through a relentless focus on patient care, iRhythm’s vision is to deliver better data, better insights, and better health for all.

Make iRhythm your path forward. Zio, the heart monitor that changed the game.

There have been instances where individuals not associated with iRhythm have impersonated iRhythm employees pretending to be involved in the iRhythm recruiting process, or created postings for positions that do not exist. Please note that all open positions will always be shown here on the iRhythm Careers page, and all communications regarding the application, interview and hiring process will come from a @irhythmtech.com email address. Please check any communications to be sure they come directly from an @irhythmtech.com email address. If you believe you have been the victim of an imposter or want to confirm that the person you are communicating with is legitimate, please contact [email protected]. Written offers of employment will be extended in a formal offer letter from an @irhythmtech.com email address ONLY. For more information, see https://www.ftc.gov/business-guidance/blog/2023/01/taking-ploy-out-employment-scams and https://www.ic3.gov/Media/Y2020/PSA200121

At iRhythm, you'll have the opportunity to grow your skills and your career while impacting the lives of people around the world. Together, we are reimagining the way cardiac arrhythmias are diagnosed. We need curious problem solvers like you. With opportunities remotely, at our office, in manufacturing, and in locations across the globe, this is your chance to meaningfully shape the future of cardiac health, our company, and your career.

Driven By Purpose - Cardiac health touches the lives of people all around us. Providing life-changing healthcare solutions that impact patients around the world drives us to bring our best every single day.

Growth Means Opportunity - We are growing rapidly. And with that growth comes a wealth of opportunities to learn and advance at iRhythm. The potential to deepen your impact, seek new opportunities, and advance your career is yours to pursue.

Build the Future - We are a boundary-pushing organization that values innovative thinking and impacts healthcare at a global level. The expectation is to think big and build the future you see for iRhythm, our patients, and yourself.

Introduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match.
