UCLA Health Home Page

The medical device security specialist will play a crucial role in safeguarding our medical device environment to ensure device integrity and resilience by assessing, monitoring, and responding to threats and vulnerabilities.  This position will work closely with cross-functional teams to ensure that our medical devices meet the highest standards of security, compliance, and reliability. 

Duties include, but are not limited to:

• Conduct comprehensive assessments of medical devices to identify potential security risks and vulnerabilities.  Operation and administration of the Medigate medical device security platform.
• Ensure Medical Device IT inventory is accurate and up to date.  Participate in developing and implementing integrations for clinical device inventory data in service-now (CMDB inventory)
• Conduct Pen Testing to assess the resilience of our security controls against simulated cyber-attacks, identifying potential weaknesses and areas for improvement
• Participate in developing and implementing strategies to mitigate cybersecurity risks associated with medical devices, including but not limited to threat modeling, vulnerability management, and penetration testing.
• Ensure that medical devices comply with relevant cybersecurity regulations, standards, and guidelines, such as FDA premarket cybersecurity guidance, HIPAA, and GDPR.
• Collaborate with cross-functional teams to strengthen technical controls of network connected medical devices. Continuously evaluate the effectiveness of existing security controls deployed to mitigate vulnerabilities in medical devices, recommending adjustments or enhancements as necessary to bolster protection against evolving threats.
• Participate in developing and maintaining incident response plans and procedures to effectively respond to cybersecurity incidents involving medical devices.
• Perform investigation and analysis of security incidents involving medical devices, conducting digital forensics examinations to uncover the root causes of incidents and support remediation efforts.
• Engage in a rotating on-call schedule to promptly respond to cybersecurity threats within a 24/7 healthcare environment.
• Evaluate the cybersecurity posture of third-party vendors and suppliers providing components or services for medical devices.

This flexible hybrid role allows for a blend of remote and on-site work, requiring presence on-site as needed based on operational requirements. Please note, travel to the “home office” location is not reimbursed. Each employee will complete a FlexWork Agreement with their manager to outline expectations and ensure mutual understanding. These arrangements are periodically reviewed and may be adjusted or terminated as necessary.

Salary offers are based on a variety of factors including qualifications, experience, and internal equity. The full salary range for this position is $124,600 - $289,400 annually. The University anticipates offering a salary between the minimum and midpoint of this range.

As a condition of employment, the final candidate who accepts a conditional offer of employment will be required to disclose if they have been subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct; received notice of any allegations or are currently the subject of any administrative or disciplinary proceedings involving misconduct; have left a position after receiving notice of allegations or while under investigation in an administrative or disciplinary proceeding involving misconduct; or have filed an appeal of a finding of misconduct with a previous employer.