Product Security Manager

Security EngineerSecurity EngineerFull TimeRemoteLeadTeam 1,001-5,000Since 2006H1B No SponsorCompany SiteLinkedIn

Location

United States

Posted

1 day ago

Salary

$127K - $165K / year

Seniority

Lead

Bachelor Degree8 yrs expEnglishCloudCyber SecuritySDLC

Job Description

Product Security Manager

iRhythm Technologies, Inc.

• Ensure compliance with FDA cybersecurity guidance and regulations in collaboration with Cybersecurity, Regulatory, Quality, and Systems Development teams. • Conduct comprehensive security risk assessments, including Cybersecurity Risk Assessments (CSRAs), to identify vulnerabilities and threats across device hardware, firmware, software, and cloud components. • Develop and maintain device-specific cyber threat models, factoring in patient safety, data privacy, and operational continuity. • Demonstrate familiarity with Software Bill of Materials (SBOM) and effectively communicate technical details. • Create and maintain cybersecurity documentation for pre- and post-market activities, ensuring regulatory alignment. • Produce detailed data flow diagrams to support the threat modeling process. • Participate in design reviews of medical device architectures and implementations, providing actionable recommendations for system security requirements. • Perform and support vulnerability analysis and coordinate the vulnerability management program, including scanning, patching, and remediation for medical devices. • Leverage and maintain application and threat detection tools (Veracode, Snyk, GitLab, or equivalent) to identify security flaws early in the SDLC. • Support investigation and remediation of device-related security incidents, minimizing impact and preventing recurrence. • Partner with the Privacy Team to ensure adherence to HIPAA, GDPR, and other data protection regulations.

Job Requirements

  • Bachelor’s degree in Computer Science, Information Security, or related field.
  • 8+ years of experience in information security, with direct focus on product security for medical devices.
  • Strong understanding of security principles, methodologies, and tools within the PDLC and SDLC.
  • Demonstrated experience conducting Cybersecurity Risk Assessments (CSRAs), vulnerability analysis, and working with modern threat detection tools (Veracode, Snyk, GitLab, or similar).
  • Familiarity with NIST Cybersecurity Framework, NIST SP 800-171, and deeper controls/frameworks such as NIST SP 800-53 (Security and Privacy Controls), NIST SP 800-92 (Log Management), and NIST SP 800-63 (Digital Identity Guidelines).
  • Hands-on experience with vulnerability identification and threat modeling within healthcare using methodologies such as STRIDE.
  • Experience operating in a regulated environment (FDA, HIPAA, GDPR, international regulatory frameworks).
  • Experience with medical device hardware or Software as a Medical Device (SaMD).
  • Experience with medical device software development and regulatory processes.
  • Excellent problem-solving, analytical, and communication skills, able to take a multi-siloed approach.
  • Ability to understand intro dependencies of teams across; mobile applications, hardware and cloud environments.
  • Proven track record of 510k experience and completion.

Benefits

  • Reasonable accommodations for qualified individuals with disabilities in job application procedures

Related Categories

Related Job Pages

More Security Engineer Jobs

Cloud Software Group logo

Principal Solution Specialist – Citrix Security Products

Cloud Software Group

Enabling customers to evolve, compete & succeed in data, automation, insight, and collaboration.

Full TimeRemoteTeam 10,001+H1B No Sponsor

• Own the technical sales strategy for global, enterprise-level accounts • Lead discovery sessions, whiteboard architectures, deliver compelling product demonstrations, manage complex Proof of Concepts/Values (PoC/PoV), and drive the product adoption from initial adoption to mass rollout stage • Design tailored solutions that integrate our Enterprise Browser and ZTNA products into the customer's existing security ecosystem • Build deep technical relationships with key customer stakeholders • Represent Citrix and Cloud Software Group at industry conferences, webinars, and regional events • Act as the voice of the customer and work directly with Product Management and Engineering to influence the product roadmap

United Kingdom
Full TimeRemoteTeam 1,001-5,000Since 1983H1B No Sponsor

• Creation, development and automation of reports and analyses in the field of information security • Support in preparing reports, documentation and tracking of actions in IT security and emergency management • Coordination and monitoring of vulnerabilities, malware reports and security incidents • Research and assessment of current cyber threats and support in risk analyses (Threat Intelligence) • Monitoring schedules, deadlines and security-related measures • Preparation and follow-up of meetings, including minute-taking • Supporting the Information Security Officers and the team lead in day-to-day operations

Germany
United Airlines logo

Principal Architect - Digital Risk and Resilience

United Airlines

United Airlines is a publicly-traded, global airline operating over 4,500 flights every day to more than 335 airports on five continents. In the past, the company has supported fle

Role Description Connecting People. Uniting the World. There’s never been a more exciting time to join United Airlines! As a global company that operates in hundreds of locations around the world — with millions of customers and tens of thousands of employees — we have a unique responsibility to uplift and provide opportunities in the places where we work, live and fly. We’re on a path to becoming the best airline in aviation history. Join our Cybersecurity and Digital Risk (CDR) team to help lead the industry in cyber safety, security and resilience. United's CDR team plays a critical role in protecting our operations by enabling secure and resilient systems, managing threats and vulnerabilities, and ensuring swift response and recovery. Our mission is to seamlessly embed cybersecurity and digital risk management into every aspect of our business. The Principal Architect – Digital Risk and Resilience is part of a Cybersecurity team that shapes how the enterprise makes risk-informed decisions across technology, operations, and the business. This role drives high-visibility, cross-functional work to integrate Digital Risk Management with partners in Cybersecurity and Digital Risk, Digital Technology, and business owners of risk, helping the enterprise identify, assess, and govern systemic digital risk across critical operational capabilities. - Lead enterprise-level integration of Digital Risk Management with partners across Cybersecurity and Digital Risk, Digital Technology, and the business. - Design, implement, and mature monitoring, visibility, and response-readiness capabilities. - Establish and evolve the enterprise resilience program by defining key resilience indicators. - Develop practical models, methods, and frameworks for evaluating systemic digital risk. - Improve risk prioritization and decision support at scale by partnering with technical and business stakeholders. - Assess and integrate emerging systemic risk drivers into enterprise governance and resilience planning. - Conduct structured failure simulation and systemic stress testing to assess resilience across critical capabilities. Qualifications - Bachelor's degree in Cybersecurity, Information Technology, Engineering, Risk Management, or a related field. - 5+ years of experience in cybersecurity, digital risk, operational resilience, business continuity, technology risk, or related disciplines. - Experience applying governance, risk, and compliance concepts and enterprise risk management practices. - Knowledge of digital resilience, operational resilience, and business continuity concepts. - Working knowledge of relevant technology domains such as cloud, software development, data platforms, identity, infrastructure, integrations, and security architecture concepts. - Skill in building practical risk and resiliency models. - Experience designing or operationalizing monitoring, metrics, or governance mechanisms. - Ability to lead change through influence and communicate complex concepts clearly. - Strong problem solving, critical thinking, interpersonal, collaboration, written, and verbal communication skills. - Must be legally authorized to work in the United States for any employer without sponsorship. - Successful completion of interview required to meet job qualification. - Reliable, punctual attendance is an essential function of the position. Requirements - Master's degree in Cybersecurity, Information Technology, Engineering, Risk Management, or a related field (Preferred). - Certification such as CISA, CRISC, CISSP, or CISM (Preferred). - Experience with operational resilience, dependency mapping, enterprise risk governance, or critical service resiliency (Preferred). - Expert knowledge of governance, risk, and compliance concepts and enterprise risk management practices (Preferred). - Knowledge of emerging risk drivers, including AI risk management and AI governance practices (Preferred). - Knowledge of recognized resilience risk management frameworks (Preferred). Benefits - Medical, dental, vision, life, accident & disability insurance. - Parental leave. - Employee assistance program. - Commuter benefits. - Paid holidays and paid time off. - 401(k) plan. - Flight privileges.

United States
$140.6K - $183.1K / year

Product Cybersecurity Architect

Bausch+Lomb Companies Inc.

Bausch + Lomb (NYSE/TSX: BLCO) is a leading global eye health company dedicated to protecting and enhancing the gift of sight for millions of people around the world—from the moment of birth through every phase of life. Our mission is simple, yet powerful: helping you see better, to live better. Our comprehensive portfolio of over 400 products is fully integrated and built to serve our customers across the full spectrum of their eye health needs throughout their lives. Our iconic brand is built on the deep trust and loyalty of our customers established over our 170-year history. We have a significant global research, development, manufacturing and commercial footprint of approximately 13,000 employees and a presence in approximately 100 countries, extending our reach to billions of potential customers across the globe. We have long been associated with many of the most significant advances in eye health, and we believe we are well positioned to continue leading the advancement of eye health in the future.

Role Description Join the Surgical R&D organization in a role where you will help ensure the cybersecurity, safety, and reliability of innovative surgical products that support patient care. In this position, you will be responsible for embedding secure-by-design practices throughout the product lifecycle while partnering with engineering, quality, regulatory, and corporate security teams to deliver compliant and resilient solutions. This is a strong opportunity for someone who brings deep product security expertise, strong cross-functional collaboration skills, and a passion for advancing cybersecurity within a regulated medical device environment. What You'll Do - Architect and implement a consistent cybersecurity strategy across surgical capital equipment product lines to establish a scalable and secure product ecosystem. - Embed secure-by-design principles throughout the product lifecycle, providing guidance on secure architecture, threat modeling, design controls, cryptography, and secure communication protocols. - Lead execution of cybersecurity requirements across development programs, ensuring alignment with regulatory expectations, corporate standards, and product quality objectives. - Coordinate vulnerability management activities, including intake, triage, risk assessment, remediation tracking, and documentation of product security issues through closure. - Serve as the Surgical R&D cybersecurity representative for vulnerability disclosure and incident response activities, supporting investigations, impact assessments, root cause analyses, and remediation efforts. - Partner with engineering teams to implement security testing practices, including SAST, DAST, SCA, penetration testing, and automated security controls within development pipelines. - Support supplier and third-party security initiatives by defining security requirements, managing software supply chain risks, and maintaining Software Bill of Materials (SBOM) processes. - Collaborate with Quality, Regulatory Affairs, IT, and Corporate Product Security teams to ensure compliance with evolving cybersecurity regulations and industry standards while enabling efficient product delivery. Qualifications - Bachelor's degree in Engineering, Computer Science, Cybersecurity, or a related technical discipline. - 7+ years of experience in product security, application security, medical device cybersecurity, or software security within a regulated environment. - Demonstrated experience supporting or leading cybersecurity activities for medical device or other regulated product development programs. - Strong communication, collaboration, stakeholder management, and problem-solving skills. - Ability to translate technical cybersecurity risks into clear, actionable guidance for engineering, quality, and regulatory stakeholders. Requirements - Strong expertise in secure product design, threat modeling, vulnerability management, and secure software development practices. - Working knowledge of connected device security, embedded systems, and software-enabled product architectures. - Experience with security testing tools and methodologies, including SAST, DAST, SCA, and penetration testing. - Understanding of software supply chain security practices, including SBOM development and third-party risk management. - Experience working across cross-functional and global teams to drive cybersecurity outcomes and influence stakeholders without direct authority. - Knowledge of secure development lifecycle (SDLC) frameworks, vulnerability disclosure processes, and product incident response activities. - Familiarity with cybersecurity governance, risk assessment, and compliance processes within regulated industries. Preferred - Advanced degree in Cybersecurity, Computer Science, Engineering, or a related field. - Relevant industry certifications such as CISSP, CSSLP, OSCP, GWAPT, or equivalent. - Experience in medical device, healthcare, or other regulated industries, and/or working within a quality-managed or GxP regulated environment. - Working knowledge of medical device cybersecurity regulations and standards (e.g., FDA premarket/post market guidance, IEC 81001-5-1, AAMI TIR57, UL 2900, NIST frameworks). - Experience developing cybersecurity documentation to support regulatory submissions and audits. Benefits - Eligible for short-term and/or long-term incentives. - Medical, dental, vision insurance, disability and life insurance. - 401(k) plan and company match. - Tuition reimbursement program (select degrees). - Company holidays and well-being benefits. - Eligible for sick time, floating holidays, and paid vacation.

United States
$140K - $180K / year