Medical Device Security Specialist (flex-hybrid)

Flexible Hybrid

UCLA Health

Ranked as one of America's top hospitals, UCLA Health provides the best care at its 4 hospitals and more than 250 locations throughout Southern California.

View all jobs at UCLA Health

Apply now Apply later

General Information

Press space or enter keys to toggle section visibility

Work Location: Los Angeles, USA Onsite or Remote Flexible Hybrid Work Schedule Monday-Friday, 8:00 am - 5:00 pm PST Posted Date 12/21/2024 Salary Range: $124600 - 289400 Annually Employment Type 2 - Staff: Career Duration Indefinite Job # 20710

Primary Duties and Responsibilities

Press space or enter keys to toggle section visibility

The medical device security specialist will play a crucial role in safeguarding our medical device environment to ensure device integrity and resilience by assessing, monitoring, and responding to threats and vulnerabilities.  This position will work closely with cross-functional teams to ensure that our medical devices meet the highest standards of security, compliance, and reliability. 

Duties include, but are not limited to:

  • Conduct comprehensive assessments of medical devices to identify potential security risks and vulnerabilities.  Operation and administration of the Medigate medical device security platform.
  • Ensure Medical Device IT inventory is accurate and up to date.  Participate in developing and implementing integrations for clinical device inventory data in service-now (CMDB inventory)
  • Conduct Pen Testing to assess the resilience of our security controls against simulated cyber-attacks, identifying potential weaknesses and areas for improvement
  • Participate in developing and implementing strategies to mitigate cybersecurity risks associated with medical devices, including but not limited to threat modeling, vulnerability management, and penetration testing.
  • Ensure that medical devices comply with relevant cybersecurity regulations, standards, and guidelines, such as FDA premarket cybersecurity guidance, HIPAA, and GDPR.
  • Collaborate with cross-functional teams to strengthen technical controls of network connected medical devices. Continuously evaluate the effectiveness of existing security controls deployed to mitigate vulnerabilities in medical devices, recommending adjustments or enhancements as necessary to bolster protection against evolving threats.
  • Participate in developing and maintaining incident response plans and procedures to effectively respond to cybersecurity incidents involving medical devices.
  • Perform investigation and analysis of security incidents involving medical devices, conducting digital forensics examinations to uncover the root causes of incidents and support remediation efforts.
  • Engage in a rotating on-call schedule to promptly respond to cybersecurity threats within a 24/7 healthcare environment.
  • Evaluate the cybersecurity posture of third-party vendors and suppliers providing components or services for medical devices.

This flexible hybrid role allows for a blend of remote and on-site work, requiring presence on-site as needed based on operational requirements. Please note, travel to the “home office” location is not reimbursed. Each employee will complete a FlexWork Agreement with their manager to outline expectations and ensure mutual understanding. These arrangements are periodically reviewed and may be adjusted or terminated as necessary.

Salary offers are based on a variety of factors including qualifications, experience, and internal equity. The full salary range for this position is $124,600 - $289,400 annually. The University anticipates offering a salary between the minimum and midpoint of this range.

As a condition of employment, the final candidate who accepts a conditional offer of employment will be required to disclose if they have been subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct; received notice of any allegations or are currently the subject of any administrative or disciplinary proceedings involving misconduct; have left a position after receiving notice of allegations or while under investigation in an administrative or disciplinary proceeding involving misconduct; or have filed an appeal of a finding of misconduct with a previous employer.

Job Qualifications

Press space or enter keys to toggle section visibility

Required Experience:

  • 8+ years of extensive, hands-on experience in cybersecurity, with significant focus on healthcare IoT/IoMT device security
  • 5+ years of experience leading and managing teams of cybersecurity professionals to implement security programs.
  • Proven track record leading projects to deploy and operate security solutions across distributed environments.
  • Experience performing risk assessments, developing security policies/standards, and implementing controls.
  • Substantial background working with clinical engineers, biomedical teams, and IT teams in healthcare settings.
  • Deep expertise with security frameworks (NIST CSF, ISO, etc.), regulations (HIPAA, etc.) and cybersecurity best practices

Required Qualifications:

Bachelor's degree in computer science, cybersecurity, information systems or related technical field is preferred, but not required with sufficient equivalent work experience.

Relevant industry certifications such as CISSP, CISM, CRISC, HCISPP, etc. or equivalent work experience.

Extensive technical skills across security domains including network, endpoint, cloud, application security, etc.

Significant experience with security tools for vulnerability management, SIEM, IDS/IPS, DLP, etc.

Outstanding leadership, communication, and stakeholder management abilities

Exceptional problem-solving, critical thinking, and decision-making skills

Ability to roll up sleeves and perform specialized, hands-on cybersecurity work as needed.


As a condition of employment, the final candidate who accepts a conditional offer of employment will be required to disclose if they have been subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct; received notice of any allegations or are currently the subject of any administrative or disciplinary proceedings involving misconduct; have left a position after receiving notice of allegations or while under investigation in an administrative or disciplinary proceeding involving misconduct; or have filed an appeal of a finding of misconduct with a previous employer.
Apply now Apply later
Job stats:  0  0  0

Tags: Application security CISM CISSP Cloud Compliance Computer Science CRISC Forensics GDPR HIPAA IDS Incident response IoT IPS Monitoring NIST Pentesting Risk assessment SIEM Vulnerabilities Vulnerability management

Perks/benefits: Equity / stock options Flex hours Health care

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.