FREE ACCESS
5,000–10,000 jobs/day
See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.
Staff Product Security Engineer
iRhythm Technologies, Inc.Staff Product Security Engineer safeguarding medical devices by managing cybersecurity risks. Collaborating across teams to ensure secure product development lifecycle in alignment with FDA cybersecurity requirements.
Tech Stack
Tools & technologiesCloudCyber SecuritySDLC
About the role
Key responsibilities & impact- Provide senior-level cybersecurity leadership across product development, influencing secure design decisions at scale.
- Drive adoption and continuous improvement of the Secure Product Development Framework (SPDF) and secure SDLC practices.
- Translate complex cybersecurity risks into clear, actionable guidance for engineering and business stakeholders.
- Ensure compliance with FDA cybersecurity guidance (including Section 524B) and global data privacy regulations (HIPAA, GDPR) in partnership with Regulatory, Quality, Privacy, and Cybersecurity teams.
- Develop and maintain cybersecurity documentation to support pre- and post-market regulatory requirements.
- Lead and mature cybersecurity risk management practices, including threat modeling, Cybersecurity Risk Assessments (CSRAs), and security design reviews.
- Develop and maintain threat models and data flow diagrams, incorporating considerations for patient safety, data privacy, and system integrity.
- Advise on and review secure architectures across embedded systems, applications, cloud, and IoMT platforms.
- Participate in design reviews, providing actionable recommendations to strengthen system security requirements.
- Oversee vulnerability management programs, including detection, scanning, remediation, and coordinated disclosure (PSIRT).
- Leverage application security and threat detection tools (e.g., Veracode, Snyk, GitLab) to identify and address vulnerabilities early in the SDLC.
- Support incident response and post-market monitoring, driving root cause analysis and preventive actions.
- Oversee SBOM management, third-party risk, and software supply chain security, ensuring transparency and risk mitigation across components.
- Partner closely with Product, R&D, Quality, Regulatory, Privacy, and Cloud teams to embed security throughout the product lifecycle and ensure alignment across stakeholders.
Requirements
What you’ll need- Bachelor’s degree in Computer Science, Information Security, or related field
- 12+ years of experience in product security or related cybersecurity roles
- Deep expertise in securing complex, software-driven and safety-critical systems
- Strong knowledge of secure design, threat modeling, vulnerability management, and SDLC practices
- Experience operating in regulated environments (FDA, HIPAA, GDPR)
- Familiarity with frameworks such as NIST, ISO 14971, IEC 62304, and related standards
- Proven ability to influence cross-functional teams and drive security outcomes
- Experience with medical devices, healthcare technology, or IoMT systems
Benefits
Comp & perks- Health insurance
- Flexible work arrangements
- Professional development opportunities
ATS Keywords
✓ Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
cybersecurity leadershipsecure product development frameworksecure SDLC practicesthreat modelingcybersecurity risk assessmentssecurity design reviewsvulnerability managementapplication securitythreat detectionSBOM management
Soft Skills
influencingcommunicationcollaborationproblem-solvingcross-functional teamworkactionable guidancerecommendationsroot cause analysispreventive actionsstakeholder alignment