Medical Device Security Analyst

Cynergistek is seeking a dedicated Medical Device Security Analyst to join our dynamic team. In this remote role, you will play a crucial part in supporting our Medical Device Security Team and their diverse clientele. Your responsibilities will include the assessment, development, and implementation of robust medical device security programs and comprehensive vulnerability assessment and remediation strategies. You will collaborate closely with client technical staff and medical device teams to deeply understand specific risks associated with medical device usage. This understanding will enable you to tailor remediation plans and security programs effectively, addressing unique risks within various healthcare environments.

The ideal candidate possesses the ability to conduct thorough medical device security risk assessments and to formulate effective vulnerability management strategies. You will also contribute to the development of processes and associated documentation essential for building client medical device security programs. A key aspect of this role involves authoring and delivering clear, concise reports that detail findings and provide actionable recommendations for medical device security program enhancement. Success in this position hinges on achieving high levels of client satisfaction by meeting and exceeding expectations set by engagement leaders and project managers.

Minimum Qualifications:

• Bachelor's degree in business, technology, or an information security-related field, or equivalent work experience. Experience with medical devices and/or information security is highly advantageous.
• 1 year of experience with medical devices within a healthcare environment, covering lifecycle phases such as procurement, inventory and installation, ongoing support and maintenance, incident response, and end-of-life management.
• 1 year of experience with information security-related practices, including incident response, risk assessment/analysis, and risk management.
• Basic understanding of medical device cybersecurity principles and relevant documentation (e.g., MDS2, FDA, AAMI, ICS-CERT reports, etc.).
• Proven experience in writing technical reports and presenting findings to non-technical audiences.
• Possession of relevant risk and/or security certifications is required (CISSP, HCISPP, CISA, CISM, CRISC, CHPS, or equivalent).
• Comfort and aptitude for working in ambiguous and/or undefined situations.
• Willingness and availability for regular travel.