HTM Information Security Engineer
Mayo Clinic · Rochester, MN · 1 mo ago
Information Technology$102k–$143k/yrFull-time
About the role
The HTM Cyber team at Mayo Clinic is seeking an Information Security Engineer to support the team’s medical/facility device cybersecurity operations. This role focuses on identifying, assessing, and mitigating cybersecurity risks and vulnerabilities on connected medical and operational technology equipment.
Responsibilities
- Work closely with the Senior Engineer to provide practical technical support across core operational areas, including Associate Engineer support, Security Lifecycle Profiles, secure baseline remediation, vulnerability management, remote access review, vulnerability scanning, metrics, and process improvement.
- Bridge HTM field operations, vendor support, IT, and Information Security by troubleshooting connected device issues, translating security requirements into practical device-level actions, documenting repeatable remediation processes, and supporting risk-based decisions that protect patient care while reducing risk.
- Research, technical analysis, configuration, and administration of systems and procedures to ensure the protection of information processed, stored, or transmitted in Mayo Clinic's computing environments.
- Assist with the security design, consultation, and technology governance oversight for various projects and initiatives.
- Aid system users relative to information systems security matters and undertake complex projects requiring additional specialized technical knowledge.
- Act as information security liaison to various business units and the information technology department.
Requirements
- Bachelor's degree in Computer Science, Information Systems, Engineering or related major and a minimum of one (1) year experience in the information security field required, OR associate's degree and two (2) years' experience in the information security field, OR in lieu of a degree, five (5) years' experience in the information security field required.
- Ability to develop specific proactive procedures for detection of security breaches, identifying security risks in the software development process and code promotion procedures.
- Basic knowledge of TCP/IP networking.
- Possesses human relation skills to interact effectively with a variety of personnel.
- Ability to multi-task and prioritize issues appropriately.
- Demonstrated ability to work effectively in a team environment as a participant.
- Capacity to work independently and willingness to seek advice/assistance.
- Certified as CISSP, GIAC, CISM, or security equivalent; or will obtain certification within 2 years of hire.
Preferred Qualifications
- Biomedical / Clinical Engineering Experience: Hands-on experience working with medical, laboratory, or operational devices in clinical environments.
- Healthcare Device Networking Fundamentals: IP addressing, ports/protocols, VLANs, connectivity, and troubleshooting of networked medical devices.
- Medical Device Cybersecurity & Vulnerability Management: Identification, assessment, prioritization, and remediation of vulnerabilities on connected devices.
- Device-Level Security Implementation (Hardening & Remediation): Applying secure configurations, coordinating patching, and implementing compensating controls in vendor-constrained environments.
- Cross-Functional Technical Collaboration: Working across HTM, IT, Information Security, and vendors to resolve issues without impacting patient care.
- Risk-Based Decision Making in Clinical Environments: Balancing cybersecurity risk with patient safety, device availability, and operational constraints.
- Process Documentation & Operationalization (optional depending on limit): Creating repeatable workflows, remediation steps, and technical documentation for scalable execution.
Benefits
- Comprehensive benefits package including medical, dental, vision, pre-tax savings accounts, retirement plans, and more.
Pay
$102,336 - $143,270/year
Schedule
Full Time, Monday - Friday; 8:00 am to 5:00 pm. This is a hybrid position and must be located within 100 miles of a Mayo Clinic campus for occasional on-site expectations based on business needs.