HTM Information Security Engineer

Mayo Clinic is a top-ranked healthcare provider dedicated to putting the needs of patients first while investing in their employees. They are seeking an Information Security Engineer to support cybersecurity operations for medical and facility devices, focusing on risk assessment and mitigation in healthcare technology environments.

Responsibilities

• Support the team’s medical/facility device cybersecurity operations across medical, research, laboratory, and facilities environments
• Identify, assess, and mitigate cybersecurity risks and vulnerabilities directly on connected medical and operational technology equipment
• Work closely with the Senior Engineer and provide practical technical support across core operational areas
• Assist with Security Lifecycle Profiles, secure baseline remediation, vulnerability management, remote access review, vulnerability scanning, metrics, and process improvement
• Bridge HTM field operations, vendor support, IT, and Information Security by troubleshooting connected device issues
• Translate security requirements into practical device-level actions
• Document repeatable remediation processes and support risk-based decisions that protect patient care
• Research, technical analysis, configuration, and administration of systems and procedures to ensure the protection of information
• Assist with the security design, consultation, and technology governance oversight for various projects and initiatives
• Act as information security liaison to various business units and the information technology department

Skills

• Bachelor's degree in Computer Science, Information Systems, Engineering or related major and a minimum one (1) year experience in the information security field required, OR associate's degree and two (2) years' experience in the information security field, OR in lieu of a degree, five (5) years' experience in the information security field required
• Ability to develop specific proactive procedures for detection of security breaches, identifying security risks in the software development process and code promotion procedures
• Basic knowledge of TCP/IP networking
• Possesses human relation skills to interact effectively with a variety of personnel
• Ability to multi-task and prioritize issues appropriately
• Demonstrated ability to work effectively in a team environment as a participant
• Capacity to work independently and willingness to seek advice/assistance
• Certified as CISSP, GIAC, CISM, or security equivalent; or will obtain certification within 2 years of hire
• Biomedical / Clinical Engineering Experience: Hands-on experience working with medical, laboratory, or operational devices in clinical environments
• Healthcare Device Networking Fundamentals: IP addressing, ports/protocols, VLANs, connectivity, and troubleshooting of networked medical devices
• Medical Device Cybersecurity & Vulnerability Management: Identification, assessment, prioritization, and remediation of vulnerabilities on connected devices
• Device-Level Security Implementation (Hardening & Remediation): Applying secure configurations, coordinating patching, and implementing compensating controls in vendor-constrained environments
• Cross-Functional Technical Collaboration: Working across HTM, IT, Information Security, and vendors to resolve issues without impacting patient care
• Risk-Based Decision Making in Clinical Environments: Balancing cybersecurity risk with patient safety, device availability, and operational constraints
• Process Documentation & Operationalization (optional depending on limit): Creating repeatable workflows, remediation steps, and technical documentation for scalable execution

Benefits

• Benefits Eligible: Yes
• Flexibility of both remote and on-site work
• Medical: Multiple plan options.
• Dental: Delta Dental or reimbursement account for flexible coverage.
• Vision: Affordable plan with national network.
• Pre-Tax Savings: HSA and FSAs for eligible expenses.
• Retirement: Competitive retirement package to secure your future.

Company Overview