Clinical Engineering Medical Device Security Engineer

Where You’ll Work

Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation’s largest nonprofit Catholic healthcare organizations, CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2,300 clinics, care sites and 137 hospital-based locations, in addition to its home-based services and virtual care offerings. CommonSpirit has more than 157,000 employees, 45,000 nurses and 25,000 physicians and advanced practice providers across 24 states and contributes more than $4.2 billion annually in charity care, community benefits and unreimbursed government programs. Together with our patients, physicians, partners, and communities, we are creating a more just, equitable, and innovative healthcare delivery system.

Job Summary and Responsibilities

The Clinical Engineering Med Device Security Eng I mitigates medical device vulnerabilities and threats at a system level by developing and testing remediation instructions, and partnering with cross-functional teams to implement mitigation strategies.  In the event of a security incident, this position leads remediation efforts and coordinates with cross-functional teams to return medical devices to service and to implement measures that will prevent future attacks.

The Clinical Engineering Med Device Security Eng I has system level responsibilities to safeguard CommonSpirit's medical device environment to ensure device integrity and resilience by assessing, monitoring and responding to security vulnerabilities and threats.  This role ensures that medical devices comply with relevant cybersecurity regulations, standards and guidelines.

Essential Function

• Collaborate with cross-functional teams to implement mitigation strategies that address medical device security vulnerabilities and threats.
• Develop and test medical device security patching and remediation instructions to mitigate risks while also maintaining the integrity of the devices to ensure device reliability and patient safety.
• In the event of a security incident, lead system wide remediation efforts by coordinating with cross-functional teams to return the devices to service and to implement measures that will prevent future attacks.
• Conduct comprehensive assessments of system wide medical devices to identify potential security risks and vulnerabilities by reviewing MDS2 forms, and obtaining information from medical device OEMs.
• Ensure that medical devices comply with relevant cybersecurity regulations, standards and guidelines.
• Resolve technical challenges and provide support to field technicians.

The job summary and responsibilities listed above are designed to indicate the general nature of the work performed within this job. They are not designed to contain or be interpreted as a comprehensive inventory of all job responsibilities required of employees assigned to this job. Employees may be required to perform other duties as assigned.

Job Requirements

Required:

• Bachelors Other HTM, Computer Science, Technology, Business disciple upon hire or equivalent professional experience required
• 2-4 years experience working in healthcare/IT Security, System Administration, Software Development or related field.
• 1-2  years experience working in a healthcare/medical environment
• Experience working with specialized medical equipment in a healthcare setting.
• Experience with Cybersecurity and Infrastructure Security Agency (CISA), HIPAA/HITECH compliance standards.
• Valid Drivers License

Preferred:

• Experience working with the software development life cycle or project management methodologies.

This position requires participation in a rotational on-call schedule, including nights, weekends, and holidays. Candidates must be available to respond to urgent service needs outside of regular business hours and may be required to return to the facility on short notice.