iRhythm

Senior Product Security Analyst

iRhythm, San Francisco, California, United States, 94199


Career-defining. Life-changing.

At iRhythm you’ll have the opportunity to grow your skills and your career while impacting the lives of people around the world. iRhythm is shaping a future where everyone, everywhere can access the best possible cardiac health solutions. Every day we collaborate, create and constantly reimagine what’s possible. We think big and move fast, driven by our commitment to put patients first and improve lives. We need builders like you: curious and innovative problem solvers looking for the chance to meaningfully shape the future of cardiac health, our company and your career.

About This Role: Key Responsibilities

FDA Cybersecurity Compliance: Ensure compliance with FDA cybersecurity guidance and regulations in collaboration with the Cybersecurity, Regulatory, Quality and Systems Development teams.

Risk Assessments & CSRAs: Conduct comprehensive security risk assessments, including Cybersecurity Risk Assessments (CSRAs), to identify vulnerabilities and threats across device hardware, firmware, software and cloud components.

Threat Modeling: Develop and maintain device-specific cyber threat models, factoring in patient safety, data privacy and operational continuity.

SBOM Management: Demonstrate familiarity with Software Bill of Materials (SBOM) and effectively communicate technical details.

Security Documentation: Create and maintain cybersecurity documentation for pre‑ and post‑market activities, ensuring regulatory alignment.

Data Flow Diagrams: Produce detailed data flow diagrams to support the threat modeling process.

Security Design Reviews: Participate in design reviews of medical device architectures and implementations, providing actionable recommendations for system security requirements.

Vulnerability Analysis & Management: Perform and support vulnerability analysis and coordinate the vulnerability management program, including scanning, patching and remediation for medical devices.

Threat Detection Tools: Leverage and maintain application and threat detection tools (Veracode, Snyk, GitLab or equivalent) to identify security flaws early in the SDLC.

Incident Response: Support investigation and remediation of device‑related security incidents, minimizing impact and preventing recurrence.

Data Privacy Compliance: Partner with the Privacy Team to ensure adherence to HIPAA, GDPR and other data protection regulations.

Required Qualifications

Bachelor's degree in Computer Science, Information Security or related field.

8 years of experience in information security with a direct focus on product security for medical devices.

Strong understanding of security principles, methodologies and tools within the PDLC and SDLC.

Demonstrated experience conducting Cybersecurity Risk Assessments (CSRAs) and vulnerability analysis, and working with modern threat detection tools (Veracode, Snyk, GitLab or similar).

Familiarity with NIST Cybersecurity Framework, NIST SP 800‑171 and deeper controls/frameworks such as NIST SP 800‑53, NIST SP 800‑92 and NIST SP 800‑63.

Hands‑on experience with vulnerability identification and threat modeling in healthcare, using methodologies such as STRIDE.

Experience operating in a regulated environment (FDA, HIPAA, GDPR, international regulatory frameworks).

Experience with medical device hardware or Software as a Medical Device (SaMD).

Experience with medical device software development and regulatory processes.

Excellent problem‑solving, analytical and communication skills, with the ability to work across multiple organizational silos.

Ability to understand the dependencies of teams across mobile applications, hardware and cloud environments.

Proven track record of 510(k) experience and completion.

Preferred Qualifications

Industry certifications such as CISSP, CISM, CISA or medical device security‑specific certifications.

Experience with international frameworks and standards (EU MDR, JIS T 2304 / IEC 62304).

Understanding of penetration testing methodologies and tools, with the ability to work with pen‑test teams independently and with little guidance.

Proficiency with programming languages and technologies commonly used in medical device development.

Location: San Francisco

Estimated Pay Range: $141,450.00 - $184,000.00

Actual compensation may vary depending on job‑related factors, including knowledge, skills, experience and work location.

iRhythm is an Equal Opportunity Employer. We will consider applicants with arrest and conviction records in accordance with all applicable laws.

iRhythm provides reasonable accommodations for qualified individuals with disabilities in job application procedures, including those who may have any difficulty using our online system. If you need such an accommodation, you may contact us at
