Clinical Engineering Medical Device Security Engineer II
Where You'll Work
Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation's largest nonprofit Catholic healthcare organizations, CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2,300 clinics, care sites and 137 hospital-based locations, in addition to its home-based services and virtual care offerings. CommonSpirit has more than 157,000 employees, 45,000 nurses and 25,000 physicians and advanced practice providers across 24 states and contributes more than $4.2 billion annually in charity care, community benefits and unreimbursed government programs. Together with our patients, physicians, partners, and communities, we are creating a more just, equitable, and innovative healthcare delivery system.
Job Summary and Responsibilities
This position will serve the state of California region (specifically South of Bakersfield, CA) and would require travel up to 75% of the time with non-traveling work being from a home office. We are looking for a candidate with residence in this region.
As our Clinical Engineering Medical Device Security Engineer II, you will be a key architect of CommonSpirit Health's robust medical device cybersecurity framework, providing advanced expertise to safeguard patient safety and device integrity across the system. This senior role involves not only mitigating vulnerabilities but also proactively designing and implementing cutting-edge security solutions and evaluating the effectiveness of controls. You will be instrumental in developing and delivering critical security tool and process training, ensuring our teams are equipped to handle the evolving cyber threat landscape.
Every day you will lead collaborations with cross-functional teams to architect innovative security solutions that harden technical controls for network-connected medical devices, all while meticulously preserving device functionality and patient safety. This includes expertise in areas like network architecture, Active Directory, group policies, Windows images, and endpoint security tools. You will continuously leverage advanced technology and analytical insights to evaluate the efficacy of existing security controls, recommending strategic adjustments and enhancements to bolster our defenses. Furthermore, you will provide system-wide medical device security training, troubleshoot complex issues, and expertly lead recovery efforts for devices impacted by upgrades, patching, or security incidents, embodying all the responsibilities of the Medical Device Security Engineer I role.
To be successful in this pivotal role, you will possess significant experience in medical device security engineering, cybersecurity architecture, and system-level vulnerability management. Your expertise in incident response, forensics, and the development of secure medical device environments will be crucial. We are seeking a highly skilled and strategic professional with a proven track record in developing and implementing advanced security solutions without compromising operational integrity. Strong communication and training capabilities are essential, along with a deep understanding of relevant cybersecurity regulations and the ability to conduct comprehensive risk assessments and remediation strategies.
- Architect and implement robust security solutions for networked medical devices
- Continuously evaluate and enhance existing security controls against evolving threats
- Provide system-wide medical device security training
- Lead troubleshooting and recovery efforts for affected medical devices
- Mitigate vulnerabilities and lead incident response for medical device security
- Conduct comprehensive security assessments and ensure regulatory compliance
The job summary and responsibilities listed above are designed to indicate the general nature of the work performed within this job. They are not designed to contain or be interpreted as a comprehensive inventory of all job responsibilities required of employees assigned to this job. Employees may be required to perform other duties as assigned.
Job Requirements
Required:
- Bachelors degree in HTM, Computer Science, Technology or Business Discipline upon hire or equivalent professional experience required.
- 4-7 years of experience working in healthcare/IT Security, System Administration, Software Development or related field.
- 2-5 years experience working in a healthcare/medical environment.
- Experience working with specialized medical equipment in a healthcare setting.
- Experience with Cybersecurity and Infrastructure Security Agency (CISA) HIPAA/HITECH compliance standards.
- Valid Driver's License
Preferred:
- Experience working with the software development life cycle or project management methodologies preferred
- Certified Biomedical Equipment Technician (CBET)
- Certified Radiology Equipment Specialists (CRES)
- Certified Healthcare Tech Manager (CHTM)
- CompTIA A+ Certification (A-PLUS)
- CompTIA Network A+ (NTWK-PLUS)
This position requires participation in a rotational on-call schedule, including nights, weekends, and holidays. Candidates must be available to respond to urgent service needs outside of regular business hours and may be required to return to the facility on short notice.