Cyber Security Analyst (Medical Device Security)

Our patients are our number one priority! We're committed to giving children back their childhood!

Job Posting Title:

Cyber Security Analyst (Medical Device Security)

Location:

Dallas - Shared Services

Additional Posting Details:

Monday - Friday

Day Shift -Hybrid schedule

Job Description:

Posting Summary

Seeking a Cyber Security Analyst with a focus on Medical Device Security. This role will serve as the primary liaison between IT, Biomedical Services, Departmental Leadership, and Asset Owners to ensure the cybersecurity of all medical devices. The analyst will coordinate and execute cybersecurity tasks, support compliance initiatives, and manage lifecycle activities for medical devices. The position requires strong cross-departmental communication, project coordination skills, and a solid understanding of both IT/cybersecurity best practices and clinical workflows.

Focus Area: Medical Device Security

Each Cyber Security Analyst is assigned a specific focus area representing their primary domain of expertise and responsibility within the cybersecurity team. For this position, the focus area is Medical Device Security. The analyst will concentrate on safeguarding the hospital’s medical device ecosystem, coordinating cybersecurity tasks, compliance, and lifecycle management for all medical equipment, and serving as the primary liaison between IT, Biomedical Services, and clinical departments.

Position Summary

• Reviewing inventory of medical devices and identifying cybersecurity risks such as missing patches, outdated software, or configuration weaknesses.
• Addressing identified risks directly or through vendor/department coordination, ensuring follow-up and risk resolution.
• Defining and communicating technical requirements for device configuration, VLANs, authentication, and encryption to vendors and departments.
• Supporting policy and configuration compliance initiatives by aligning device configurations with internal technical control standards.
• Periodically updating control standards to ensure configurations remain current.
• Collaborating with GRC and security teams on logging, auditing, access control, risk assessments, and compliance automation.
• Periodically reviewing medical device inventory to ensure lifecycle management (rounding, end-of-life tracking, replacement planning).
• Coordinating and delivering cybersecurity awareness and training for medical device stakeholders.
• Maintaining and reconciling the medical device asset inventory.
  
  

General Cybersecurity Analyst Responsibilities

• Monitoring & Incident Response: Monitor security alerts, investigate potential threats, and respond to security incidents in collaboration with the SOC and IT operations teams.
• Threat Detection & Vulnerability Management: Conduct regular vulnerability scans, risk assessments, and penetration tests. Analyze results and prioritize remediation efforts.
• Security Event Analysis: Collect, analyze, and correlate logs from various systems and devices (SIEM tools) to detect anomalous or malicious activity.
• Policy & Compliance Support: Assist in developing, maintaining, and enforcing information security policies, procedures, and standards. Support internal and external audits.
• Access Management: Support identity and access management (IAM) functions, including privileged access reviews and role-based access control enforcement.
• Network & Endpoint Protection: Collaborate with infrastructure teams to maintain secure configurations, firewall rules, and endpoint protection policies.
• Incident Documentation & Reporting: Document incidents, root cause analyses, and remediation outcomes. Prepare periodic reports for leadership and compliance.
• Security Awareness & Training: Support organization-wide security awareness initiatives and assist with phishing simulations or targeted education campaigns.
• Continuous Improvement: Stay informed about emerging cybersecurity threats, technologies, and regulatory requirements. Recommend improvements to enhance organizational resilience.
  
  

Qualifications

• Bachelor’s degree in Cybersecurity/Information Security, Biomedical Engineering (with a focus on Cybersecurity or IT), Computer Science, or related field (or equivalent experience).
• 5 years of cybersecurity experience, medical device experience, IT systems experience in healthcare or regulated environments (or equivalent experience).
• Familiarity with medical device security, FDA cybersecurity guidance, HIPAA, and NIST 800-53/800-171 frameworks.
• Hands-on experience medical devices and IT systems.
• Preferred: Certifications such as Security , CySA , or CISSP.
• Periodically reviewing medical device inventory to ensure lifecycle management (rounding, en-of-life tracking, replacement planning)
• Coordinating and delivering cybersecurity awareness and training for medical device stakeholders.
• Maintaining and reconciling the medical device asset inventory.
  
  

General Cybersecurity Analyst Responsibilities

• Monitoring & Incident Response: Monitor security alerts, investigate potential threats, and respond to security incidents in collaboration with the SOC and IT operations teams.
• Threat Detection & Vulnerability Management: Conduct regular vulnerability scans, risk assessments, and penetration tests. Analyze results and prioritize remediation efforts.
• Security Event Analysis: Collect, analyze, and correlate logs from various systems and devices (SIEM tools) to detect anomalous or malicious activity.
• Policy & Compliance Support: Assist in developing, maintaining, and enforcing information security policies, procedures, and standards. Support internal and external audits.
• Access Management: Support identity and access management (IAM) functions, including privileged access reviews and role-based access control enforcement.
• Network & Endpoint Protection: Collaborate with infrastructure teams to maintain secure configurations, firewall rules, and endpoint protection policies.
• Incident Documentation & Reporting: Document incidents, root cause analyses, and remediation outcomes. Prepare periodic reports for leadership and compliance.
• Security Awareness & Training: Support organization-wide security awareness initiatives and assist with phishing simulations or targeted education campaigns.
• Continuous Improvement: Stay informed about emerging cybersecurity threats, technologies, and regulatory requirements. Recommend improvements to enhance organizational resilience.
  
  

Qualifications

• Bachelor’s degree in Cybersecurity/Information Security, Biomedical Engineering (with a focus on Cybersecurity or IT), Computer Science, or related field (or equivalent experience).
• 5 years of cybersecurity experience, medical device experience, IT systems experience in healthcare or regulated environments (or equivalent experience).
• Familiarity with medical device security, FDA cybersecurity guidance, HIPAA, and NIST 800-53/800-171 frameworks.
• Hands-on experience medical devices and IT systems.
• Preferred: Certifications such as Security , CySA , or CISSP.