JOB SUMMARYAs the Medical Device Security Engineer, you will play a key role in the success of securing medical devices across the Baylor Scott & White Health organization. This role will develop a medical device security program including standards, governance, support, and metrics to manage risk associated with those devices. This position will collaborate with teams across IT and Biomed along with a managed services organization that performs some of the day-to-day functions of the program.SALARY:The pay range for this position is $48.72/hr ($101,337/year) for those with entry-level qualifications up to $84.42/hr ($175,593/year) for those highly experienced. The specific rate will depend upon the successful candidate's specific qualifications and prior experience.RESPONSIBILITIES
Develop security control requirements for securing medical devices across the organization to an acceptable risk level.
Partner with other teams to ensure the implementation of security controls on medical devices.
Establish governance processes and metrics to measure security control compliance of medical devices.
Create and update policies and standards for securing medical devices.
Manage loT/medical loT security solution used to detect and monitor vulnerabilities on medical devices.
Work with medical device manufacturers to ensure appropriate controls can be implemented on medical devices.
Partner with information risk management on assessing medical device vendor solutions including the review of MDS2 forms.
BENEFITSOur competitive benefits package includes the following
Immediate eligibility for health and welfare benefits
401(k) savings plan with dollar-for-dollar match up to 5%
Tuition Reimbursement
PTO accrual beginning Day 1
Note: Benefits may vary based upon position type and/or levelBASIC QUALIFICATIONS
BS Degree in computer science, computer engineering, software engineering, cybersecurity, or related technical degree; or 5 years equivalent technology experience.
5+ years experience in IS in an enterprise environment.
3+ years experience leading medical device security in a mid-to-large healthcare organization.
Experience managing IoT/mIoT solutions such as Palo Alto IoT, Medigate, Armis in large corporate environment.
Understanding of cybersecurity organizational practices, operations risk management processes, architectural requirements, and vulnerability risk.
Knowledge of common software, operating systems vulnerabilities, and Unix/Linux.
Strong experience with Vulnerability Management Platforms such as Tenable, Qualys, Rapid7, in a large corporate environment.
Experience with controls or frameworks such as NIST 800-53, NIST CSF, CIS, MITRE ATT&CK.
Strong experience in reading and understanding vulnerability scans.
Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).
Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization.
PREFERRED QUALIFICATIONS
Vulnerability management experience in a healthcare environment
Experience using ServiceNow for CMDB and ITSM functions
Certified Information Systems Security Professional (CISSP) certification
Certified Information Security Manager (CISM) certification
CompTIA Advanced Security Practitioners (CASP+)
Familiarity and understanding of HIPAA Security Rule
MINIMUM QUALIFICATIONS
EDUCATION - Bachelor's or 4 years of work experience above the minimum qualification
EXPERIENCE - 5 Years of Experience
As a health care system committed to improving the health of those we serve, we are asking our employees to model the same behaviours that we promote to our patients. As of January 1, 2012, Baylor Scott & White Health no longer hires individuals who use nicotine products. We are an equal opportunity employer committed to ensuring a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.