Clinical Engineering Medical Device Security Engineer II

Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation’s largest nonprofit Catholic healthcare organizations, CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2,300 clinics, care sites and 137 hospital-based locations, in addition to its home-based services and virtual care offerings. CommonSpirit has more than 157,000 employees, 45,000 nurses and 25,000 physicians and advanced practice providers across 24 states and contributes more than $4.2 billion annually in charity care, community benefits and unreimbursed government programs. Together with our patients, physicians, partners, and communities, we are creating a more just, equitable, and innovative healthcare delivery system.

This position will serve the state of California region (specifically South of Bakersfield, CA) and would require travel up to 75% of the time with non-traveling work being from a home office. We are looking for a candidate with residence in this region. 

Job Summary / Purpose
 

The Clinical Engineering Med Device Security Eng II has system level responsibilities to provide medical device security tool & process training, to architect and implement security solutions without disrupting device integrity or patient safety, and to evaluate effectiveness of existing security controls.  This position collaborates with cross-functional teams to strengthen technical controls of network connected medical devices and to troubleshoot and recover medical devices due to issues associated with upgrades, patching, security vulnerabilities, threats etc.

The Clinical Engineering Med Device Security Eng II position includes all responsibilities of the Clinical Engineering Med Device Security Eng I position, which include:

 Mitigation of medical device vulnerabilities and threats at a system level by developing and testing remediation instructions, and partnering with cross-functional teams to implement mitigation strategies.  In the event of a security incident, this position leads remediation efforts and coordinates with cross-functional teams to return medical devices to service and to implement measures that will prevent future attacks.

System level responsibilities to safeguard CommonSpirit's medical device environment to ensure device integrity and resilience by assessing, monitoring and responding to security vulnerabilities and threats.  This role ensures that medical devices comply with relevant cybersecurity regulations, standards and guidelines.

 
Essential Functions

• Collaborate with cross-functional teams to architect solutions that strengthen technical controls of network connected medical devices without disrupting device integrity or patient safety (e.g. network architecture, active directory, group policies, windows images, end point security tools, etc.).
• Utilize technology and analysis activities to continuously evaluate the effectiveness of existing security controls deployed to mitigate vulnerabilities in medical devices, recommending adjustments or enhancements as necessary to bolster protection against evolving threats.
• Provide system wide medical device security tool & process training.
• Troubleshoot and assist with recovery of medical devices due to issues associated with upgrades, patching, security vulnerabilities, threats, etc.
• Key responsibilities include all responsibilities from the Clinical Engineering Med Device Security Eng I position, which includes:
• Collaborate with cross-functional teams to implement mitigation strategies that address medical device security vulnerabilities and threats.
• Develop and test medical device security patching and remediation instructions to mitigate risks while also maintaining the integrity of the devices to ensure device reliability and patient safety.
• In the event of a security incident, lead system wide remediation efforts by coordinating with cross-functional teams to return the devices to service and to implement measures that will prevent future attacks.
• Conduct comprehensive assessments of system wide medical devices to identify potential security risks and vulnerabilities by reviewing MDS2 forms, and obtaining information from medical device OEMs.
• Ensure that medical devices comply with relevant cybersecurity regulations, standards and guidelines.

The job summary and responsibilities listed above are designed to indicate the general nature of the work performed within this job. They are not designed to contain or be interpreted as a comprehensive inventory of all job responsibilities required of employees assigned to this job. Employees may be required to perform other duties as assigned.

Required:

• Bachelors degree in HTM, Computer Science, Technology or Business Discipline upon hire or equivalent professional experience required. 
• 4-7 years of experience working in healthcare/IT Security, System Administration, Software Development or related field.
• 2-5 years experience working in a healthcare/medical environment.
• Experience working with specialized medical equipment in a healthcare setting.
• Experience with Cybersecurity and Infrastructure Security Agency (CISA) HIPAA/HITECH compliance standards.
• Valid Driver's License

Preferred:

• Experience working with the software development life cycle or project management methodologies preferred
• Certified Biomedical Equipment Technician (CBET)
• Certified Radiology Equipment Specialists (CRES)
• Certified Healthcare Tech Manager (CHTM)
• CompTIA A+ Certification (A-PLUS)
• CompTIA Network A+ (NTWK-PLUS)