Senior Product Security Analyst at iRhythm Technologies

San Francisco, California, United States

Apply Now

Not SpecifiedCompensation

Senior (5 to 8 years)Experience Level

Full TimeJob Type

UnknownVisa

Healthcare, Medical DevicesIndustries

Requirements

Familiarity with Software Bill of Materials (SBOM) and ability to communicate technical details
Experience with application and threat detection tools (e.g., Veracode, Snyk, GitLab or equivalent)
Knowledge of FDA cybersecurity guidance and regulations
Understanding of HIPAA, GDPR, and other data protection regulations
Ability to conduct security risk assessments, including Cybersecurity Risk Assessments (CSRAs)
Proficiency in threat modeling, data flow diagrams, and security documentation
Experience in vulnerability analysis, scanning, patching, and remediation

Responsibilities

Ensure FDA cybersecurity compliance in collaboration with Cybersecurity, Regulatory, Quality, and Systems Development teams
Conduct comprehensive security risk assessments (CSRAs) to identify vulnerabilities and threats across device hardware, firmware, software, and cloud components
Develop and maintain device-specific cyber threat models, factoring in patient safety, data privacy, and operational continuity
Manage SBOM and communicate technical details effectively
Create and maintain cybersecurity documentation for pre- and post-market activities, ensuring regulatory alignment
Produce detailed data flow diagrams to support threat modeling
Participate in design reviews of medical device architectures and implementations, providing actionable recommendations for system security requirements
Perform and support vulnerability analysis and coordinate the vulnerability management program, including scanning, patching, and remediation for medical devices
Leverage and maintain threat detection tools to identify security flaws early in the SDLC
Support investigation and remediation of device-related security incidents, minimizing impact and preventing recurrence
Partner with the Privacy Team to ensure adherence to HIPAA, GDPR, and other data protection regulations

Skills

FDA Cybersecurity Compliance

Cybersecurity Risk Assessments

Threat Modeling

SBOM Management

Vulnerability Analysis

Vulnerability Management

Security Documentation

Data Flow Diagrams

Security Design Reviews

iRhythm Technologies

Advanced cardiac monitoring solutions provider

About iRhythm Technologies

iRhythm Technologies focuses on cardiac monitoring solutions, with its main product being the Zio Patch, a wearable device that tracks heart rhythms for up to 14 days. This extended monitoring helps healthcare providers detect irregular heart rhythms that shorter monitoring might miss, making it especially useful for patients at risk. The company serves both patients and healthcare providers, generating revenue by selling the Zio Patch and offering data analysis services to interpret the collected heart data. iRhythm aims to improve patient outcomes and streamline healthcare workflows in the cardiac health sector.

San Francisco, CaliforniaHeadquarters

2006Year Founded

$102.8MTotal Funding

IPOCompany Stage

Biotechnology, HealthcareIndustries

1,001-5,000Employees