
Product Security Penetration Tester

Job in Oakville, Ontario, B8B, Canada
Listing for: Natus Medical Incorporated
Full Time position
Listed on 2026-03-10
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security, Information Security, Network Security
Salary/Wage Range or Industry Benchmark: 60000 - 80000 CAD Yearly
Job Description & How to Apply Below

For more than 80 years, Natus has been working in collaboration with clinicians to deliver industry‑leading neuro solutions that help providers more easily make sense of the body’s signals.

Engineered with input from those who have lived the care experience, our technology simplifies complex processes and improves accuracy and efficiency. There is a role for everyone who wants to be part of the innovative solutions at Natus Neuro.

Summary

We are seeking an experienced Product Security Penetration Tester to perform hands‑on security testing of medical devices and clinical software systems deployed across a wide range of real‑world healthcare environments.

This role focuses on offensive security testing of products, including systems that operate as standalone devices, clinical workstations, and mobile components within customer‑managed networks. The successful candidate will work closely with Product Security and Engineering to identify exploitable weaknesses, validate threat models, and provide clear, actionable findings that directly inform risk assessments, security requirements, and verification activities.

Responsibilities
  • Penetration Testing & Exploitation
    • Perform manual and automated penetration testing of:
      • Medical devices and bedside systems
      • Clinical software running on workstation and mobile platforms
      • Device-to-device and system-to-system communication paths
    • Assess security across:
      • Physical access and local interfaces
      • Operating system and application layers
      • Network exposure within customer environments
      • Authentication, authorization, and privilege boundaries
      • Update, provisioning, and configuration mechanisms
    • Focus on realistic attacker behavior, not theoretical vulnerabilities
    • Assess security of systems that include optional or supporting cloud‑based services as part of product workflows.
  • Product-Focused Security Assessment
    • Validate exploitability of issues identified through:
      • Threat modeling
      • Architecture reviews
      • Vulnerability scanning and SBOM analysis
    • Test systems with legacy constraints, limited resources, or long lifecycle expectations
    • Evaluate security risks in the context of clinical use, availability, and safety
  • Reporting & Collaboration
    • Produce clear, structured penetration test reports that include:
      • Reproducible steps and supporting evidence
      • Impact assessment in clinical and operational context
      • Practical, product-appropriate remediation guidance
    • Partner with Product Security to:
      • Support CVSS scoring and risk classification
      • Validate mitigations and compensating controls
      • Retest fixes and confirm closure
    • Work collaboratively with Engineering and Test teams without acting as a gatekeeper or compliance authority
Experience Required
  • Technical Skills
    • Strong hands-on experience with penetration testing across:
      • Networked products and systems
      • Operating systems and applications
      • Devices deployed in customer-managed environments
    • Experience testing:
      • Authentication and authorization mechanisms
      • Privilege boundaries and lateral movement scenarios
      • Configuration and update workflows
      • Secure communication paths and trust assumptions
    • Familiarity with common offensive security tools and techniques
  • Experience
    • 5+ years of hands-on penetration testing or offensive security experience
    • Demonstrated ability to test products, not just enterprise IT environments
    • Experience working directly with engineering teams on remediation, verification, and validation
Certificates, Licences, Registrations
  • Holds a professional security management certification, or is working towards obtaining one, such as:
    • OSCP – Offensive Security Certified Professional
    • OSEP / OSWE / OSEE – Advanced OffSec certifications
    • GIAC GPEN – Penetration Tester
    • GIAC GXPN – Exploit Researcher & Advanced Pentester
    • GIAC GMOB – Mobile Device Security Analyst
    • CREST CRT / Registered Penetration Tester
Other Skills And Abilities
  • Experience with medical devices, IoMT, or safety-critical systems
  • Exposure to systems with mixed platforms (e.g., workstation, mobile, embedded)
  • Embedded systems, firmware, or hardware testing experience
  • Familiarity with:
    • CVSS (v3.1 or v4)
    • Threat modeling methodologies (e.g., STRIDE, PASTA, Attack Trees, CIA)
    • Software supply chain and dependency risk
    • Expe…