iRhythm Technologies, Inc.
Staff Product Security Engineer
About iRhythm Technologies, Inc.
iRhythm Technologies, Inc. is a digital healthcare company based in San Francisco, California, focused on cardiac monitoring solutions. The company aims to innovate the management of cardiac arrhythmias through its advanced wearable biosensing technology, cloud-based data analytics, and FDA-cleared AI algorithms. With a workforce of around 2,000 employees, iRhythm has served over 8 million patients and analyzed more than 1.5 billion hours of heartbeat data. The core offering of iRhythm is the iRhythm monitoring service, which includes patient-friendly Zio ECG monitors designed for comfort and high compliance. This service features AI-powered analysis that is clinically proven to match the accuracy of expert cardiologists. The cloud-based analytics process data for precise arrhythmia detection, generating actionable reports that enhance clinical outcomes. iRhythm is committed to providing trusted digital health solutions that improve the detection, prediction, and prevention of cardiac diseases.
Security at iRhythm Technologies, Inc.
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- The team focuses on driving security through structured frameworks and regulatory alignment.
- The stated AppSec mission is to help drive forward focus on application security, threat modeling, and penetration testing.
- The team emphasizes guidance rather than just blocking: translating complex cybersecurity risks into clear, actionable guidance for engineering and business stakeholders. iRhythm uses a risk-based approach centered on threat modeling and NIST standards.
- A key goal is the continuous improvement of the Secure Product Development Framework (SPDF) and integration into development workflows.
Security Team
- The AppSec team includes specialized roles for Application and Product Security, with evidence of a centralized security leadership under a CISO (Orus Dearman).
- Key team members include Amna Ziauddin, Senior Product Security Analyst.
- The team is estimated as a small-to-midsize specialized team based on job volume.
- There are 2+ active AppSec job postings including Senior Cyber Security Analyst and Staff Product Security Engineer roles.
- Common skill/tool patterns emphasize NIST frameworks, threat modeling, and managing the Secure Product Development Framework (SPDF).
- Exact reporting lines between Product Security and the CISO are not explicitly stated.
Key Initiatives
The team integrates security into the development framework through a Secure Product Development Framework (SPDF) and secure SDLC practices. Vulnerability management includes scanning and coordinated disclosure (PSIRT). The team is responsible for regulatory documentation and threat models to support FDA 510(k) filings. Recent initiatives focus on supply chain security and SBOM management. Specific MTTR (Mean Time to Remediate) or SLA metrics are not publicly disclosed. No evidence of a Security Champions Program was found.