HTM Information Security Engineer

Mayo Clinic is a top-ranked healthcare provider, and they are seeking an Information Security Engineer to support cybersecurity operations across medical and operational technology environments. The role focuses on identifying and mitigating cybersecurity risks on connected medical devices, working closely with various teams to ensure patient safety and compliance with security protocols.

Responsibilities

• Support the team’s medical/facility device cybersecurity operations across medical, research, laboratory, and facilities environments
• Identify, assess, and mitigate cybersecurity risks and vulnerabilities directly on connected medical and operational technology equipment
• Work closely with the Senior Engineer and provide practical technical support across core operational areas, including Associate Engineer support, Security Lifecycle Profiles, secure baseline remediation, vulnerability management, remote access review, vulnerability scanning, metrics, and process improvement
• Bridge HTM field operations, vendor support, IT, and Information Security by helping troubleshoot connected device issues, translate security requirements into practical device-level actions, document repeatable remediation processes, and support risk-based decisions that protect patient care while reducing risk across complex healthcare technology environments
• Research, technical analysis, configuration, and administration of systems and procedures to ensure the protection of information processed, stored or transmitted in Mayo Clinic's computing environments
• Assist with the security design, consultation, and technology governance oversight for various projects and initiatives
• Assist system users relative to information systems security matters and undertake complex projects requiring additional specialized technical knowledge
• Act as information security liaison to various business units and the information technology department

Skills

• Bachelor's degree in Computer Science, Information Systems, Engineering or related major and a minimum one (1) year experience in the information security field required, OR associate's degree and two (2) years' experience in the information security field, OR in lieu of a degree, five (5) years' experience in the information security field required
• Ability to develop specific proactive procedures for detection of security breaches, identifying security risks in the software development process and code promotion procedures
• Basic knowledge of TCP/IP networking
• Possesses human relation skills to interact effectively with a variety of personnel
• Ability to multi-task and prioritize issues appropriately
• Demonstrated ability to work effectively in a team environment as a participant
• Capacity to work independently and willingness to seek advice/assistance
• Certified as CISSP, GIAC, CISM, or security equivalent; or will obtain certification within 2 years of hire
• Authorization to work and remain in the United States, without necessity for Mayo Clinic sponsorships now, or in the future (for example, be a U.S. Citizen, national, or permanent resident, refugee, or asylee). Mayo Clinic does not participate in the F-1 STEM OPT extension program
• Biomedical / Clinical Engineering Experience: Hands-on experience working with medical, laboratory, or operational devices in clinical environments
• Healthcare Device Networking Fundamentals: IP addressing, ports/protocols, VLANs, connectivity, and troubleshooting of networked medical devices
• Medical Device Cybersecurity & Vulnerability Management: Identification, assessment, prioritization, and remediation of vulnerabilities on connected devices
• Device-Level Security Implementation (Hardening & Remediation): Applying secure configurations, coordinating patching, and implementing compensating controls in vendor-constrained environments
• Cross-Functional Technical Collaboration: Working across HTM, IT, Information Security, and vendors to resolve issues without impacting patient care
• Risk-Based Decision Making in Clinical Environments: Balancing cybersecurity risk with patient safety, device availability, and operational constraints
• Process Documentation & Operationalization (optional depending on limit): Creating repeatable workflows, remediation steps, and technical documentation for scalable execution

Benefits

• Benefits Eligible: Yes
• Flexibility of both remote and on-site work
• Medical: Multiple plan options.
• Dental: Delta Dental or reimbursement account for flexible coverage.
• Vision: Affordable plan with national network.
• Pre-Tax Savings: HSA and FSAs for eligible expenses.
• Retirement: Competitive retirement package to secure your future.

Company Overview