FOR MORE THAN 80 YEARS , Natus has been working in collaboration with clinicians to deliver industry-leading neuro solutions that help providers more easily make sense of the body’s signals.

Engineered with input from those who have lived the care experience, our technology simplifies complex processes and improves accuracy and efficiency. There is a role for everyone who wants to be part of the innovative solutions at Natus Neuro.

Summary We are seeking an experienced Product Security Penetration Tester to perform hands‑on security testing of medical devices and clinical software systems deployed across a wide range of real‑world healthcare environments.

This role focuses on offensive security testing of products, including systems that operate as standalone devices, clinical workstations, and mobile components within customer‑managed networks. The successful candidate will work closely with Product Security and Engineering to identify exploitable weaknesses, validate threat models, and provide clear, actionable findings that directly inform risk assessments, security requirements, and verification activities.

Responsibilities:

• Penetration Testing & Exploitation
• Perform manual and automated penetration testing of:
• Medical devices and bedside systems
• Clinical software running on workstation and mobile platforms
• Device to device and system to system communication paths
• Assess security across:
• Physical access and local interfaces
• Operating system and application layers
• Network exposure within customer environments
• Authentication, authorization, and privilege boundaries
• Update, provisioning, and configuration mechanisms
• Focus on realistic attacker behavior, not theoretical vulnerabilities
• Assess security of systems that include optional or supporting cloud‑based services as part of product workflows.
• Product Focused Security Assessment
• Validate exploitability of issues identified through:
• Threat modeling
• Architecture reviews
• Vulnerability scanning and SBOM analysis
• Test systems with legacy constraints, limited resources, or long lifecycle expectations
• Evaluate security risks in the context of clinical use, availability, and safety
• Reporting & Collaboration
• Produce clear, structured penetration test reports that include:
• Reproducible steps and supporting evidence
• Impact assessment in clinical and operational context
• Practical, product appropriate remediation guidance
• Partner with Product Security to:
• Support CVSS scoring and risk classification
• Validate mitigations and compensating controls
• Retest fixes and confirm closure
• Work collaboratively with Engineering and Test teams without acting as a gatekeeper or compliance authority

Experience Required:

• Technical Skills
• Strong hands on experience with penetration testing across:
• Networked products and systems
• Operating systems and applications
• Devices deployed in customer managed environments
• Experience testing:
• Authentication and authorization mechanisms
• Privilege boundaries and lateral movement scenarios
• Configuration and update workflows
• Secure communication paths and trust assumptions
• Familiarity with common offensive security tools and techniques
• Experience
• 5+ years of hands on penetration testing or offensive security experience
• Demonstrated ability to test products, not just enterprise IT environments
• Experience working directly with engineering teams on remediation, verification, and validation

Certificates, Licenses, Registrations

• A professional security management certification or is working towards obtaining a professional security management certification such as:
• OSCP – Offensive Security Certified Professional
• OSEP / OSWE / OSEE – Advanced OffSec certifications
• GIAC GPEN – Penetration Tester
• GIAC GXPN – Exploit Researcher & Advanced Pentester
• GIAC GMOB – Mobile Device Security Analyst
• CREST CRT / Registered Penetration Tester

Other Skills And Abilities

• Experience with medical devices, IoMT, or safety critical systems
• Exposure to systems with mixed platforms (e.g., workstation, mobile, embedded)
• Embedded systems, firmware, or hardware testing experience
• Familiarity with:
• CVSS (v3.1 or v4)
• Threat modeling methodologies (e.g., STRIDE, PASTA, Attack Trees, CIA)
• Software supply chain and dependency risk
• Experience assessing systems deployed in healthcare or regulated environments

Canada Pay Transparency Clause This posting is for an existing vacancy. The expected annual base salary for this position is $110K–$130K CAD . This role may also be eligible for a company bonus or commission plan, as applicable to the position. Canadian work experience is not required. Automated or artificial intelligence–assisted tools may be used in the screening or assessment of applicants. Candidates who participate in an interview will be advised whether a hiring decision has been made within 45 days of the final interview, in accordance with applicable law.

Compensation and Benefits: Along with a competitive salary and bonus structure, Natus offers a comprehensive healthcare package that starts on your first day of employment, paid statutory holidays, 3 weeks’ vacation and 7 sick days, RRSP Match, tuition reimbursement program eligibility and more...

Be the People part of the Neuro Solution. Apply Today. EEO Statement: Natus Medical is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, veteran status, disability, sexual orientation, gender identity, or any other protected status. This posting is for an existing vacancy.

Accessibility: Natus is committed to creating an inclusive environment that accommodates all individuals, including those with disabilities. We support the goals of the Accessibility for Ontarians with Disabilities Acts (AODA) and have established policies, procedures and practices which adhere to the accessibility standards set out in the AODA. Should you require any accommodation throughout the recruitment process please do not hesitate to contact our Human Resources Department.