Product Security Analyst

FOR MORE THAN 80 YEARS, Natus has been working in collaboration with clinicians to deliver industry-leading neuro solutions that help providers more easily make sense of the body's signals.

Engineered with input from those who have lived the care experience, our technology simplifies complex processes and improves accuracy and efficiency. There is a role for everyone who wants to be part of the innovative solutions at Natus Neuro.

 Job Overview:

The Product Security Analyst embeds cybersecurity across the total product lifecycle of the Natus Neuro product portfolio from concept through post-market support. This role drives product security risk assessments, secure-by-design practices, vulnerability handling, and incident response, while supporting post-market product security and privacy due diligence (inquiries, questionnaires, and documentation). Success looks like measurable risk reduction, friction-less collaboration with engineering, while delivering timely, and accurate comprehensive product security risk assessments with detailed documentation and subject matter expert responses that maintain trust and compliance. 

Responsibilities:

1. 
   
2. Risk Management & Threat Modeling
   • Lead product security risk assessments and maintain living threat models for software, hardware, and connected systems.
   • Translate risks into actionable product/security requirements and track remediation to closure.
3. Secure Software Development Lifecycle (SSDLC)
   • Partner with product, software, firmware, hardware, systems, and test teams to embed security requirements into design inputs and verification plans.
   • Operationalize automated security controls (e.g., SAST, DAST, SCA, SBOM) and integrate results into developer workflows.
4. Vulnerability & Incident Handling
   • Triage findings from internal scans, third-party testing, and external reports; coordinate remediation, exceptions, and attestations.
   • Contribute to product-specific incident response planning, tabletop exercises, and post-incident reviews.
5. Post-market Support
   • Respond to customer product security and privacy inquiries and complete security questionnaires with precision and timeliness.
   • Provide and maintain customer-facing artifacts (e.g., security overview, SBOM summary, white paper abstracts, security advisory/bulletin summaries) consistent with internal records.
   • Join customer calls to explain product security posture, roadmap mitigations, and responsibilities in shared-responsibility scenarios.
6. Compliance, Evidence & Governance
   • Ensure deliverables and records meet applicable regulatory expectations and recognized industry frameworks.
   • Maintain high-quality documentation for audits, submissions, and due diligence packages (design controls, risk files, verification evidence, and postmarket monitoring summaries).
7. Enablement & Culture
   • Coach engineers and PMs on secure design patterns, misuse/abuse cases, and verification strategies.
   • Curate repeatable playbooks, checklists, and templates that streamline assessments and customer responses.

Experience Required:

• Bachelor's degree in Computer Science, Electrical/Computer Engineering, Cybersecurity, or related field (or equivalent experience).
• 3+ years in product/application security, security engineering, or closely related role.
• Demonstrated experience with:
  • Threat modeling and security risk assessment methodologies.
  • Vulnerability management and remediation workflows across SDLC.
  • Secure coding concepts, cryptography fundamentals, and common weakness classes (e.g., authn/z, input handling, supply chain).
• Strong written and verbal communication skills; able to translate complex technical issues for non‑technical stakeholders and customers.

Other Skills and Abilities:

• Hands-on with CI/CD security tooling and automation (code scanning, SBOM monitoring, dependency risk, container or cloud configuration checks).
• Familiarity with privacy/security questionnaires (e.g., HECVAT-style, SIG-type, or customer-specific), procurement due diligence, and evidence packaging.
• Experience interfacing with external test partners and coordinating remediation attestations.
• Relevant certifications (e.g., CISSP, CSSLP, OSCP, CEH) or equivalent practical expertise.
• Familiar with FedRAMP, ATO, SOC2, HITRUST, HIPAA
• Understanding of medical device quality systems and design control concepts is a plus.

Compensation and Benefits: Along with a competitive salary and bonus structure, Natus offers a comprehensive healthcare package that starts on your first day of employment, paid statutory holidays, 3 weeks' vacation and 7 sick days, RRSP Match, and tuition reimbursement program eligibility.
 

Be the People part of the Neuro Solution. Apply Today.

EEO Statement: Natus Medical is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, veteran status, disability, sexual orientation, gender identity, or any other protected status
 
#natus #natusjobs #natuscareers #natusneuro #Canadajobs #Remote

---