xIoT/CPS Cybersecurity Specialist in Dundee

Cylera Inc. (Intl.) are seeking to fulfil a role of xIoT/CPS Cybersecurity Specialist to assist in safeguarding our customers’ diverse xIoT, Clinical & CPS (Cyber-Physical Systems) devices and environments from cyber-risks, vulnerabilities, and threats. The role requires a strong foundation in these diverse and highly connected environments, cybersecurity principles combined with specialized knowledge of complex, sensitive and real-time communications systems and services involved in these environments, including critical infrastructure and healthcare.

Additionally, assessing and assuring compliance with industry and government regulation, legislation and standards. The role is a critical bridge between our clients’ cybersecurity responsibilities and the continued safe, robust and efficient delivery of their operations and services.

• xIoT/Clinical/CPS Cybersecurity Monitoring & Threat Management

• Monitor and Triage: Continuously monitor the client environment leveraging specialist technology provided by Cylera Solutions, for cyber events and incidents affecting highly connected systems and related cyber-physical system and clinical devices.
• Incident Response: Lead and/or assist in the investigation, containment, eradication, and recovery phases of cybersecurity incidents, with a specific focus on those impacting our clients’ CPS, IoMT, xIoT systems and devices.
• Vulnerability Management: Perform regular vulnerability evaluations and assessments on CPS, IoMT and xIoT systems and devices. Prioritize and track remediation and mitigation efforts based on risk to safe operation and service delivery, client intellectual property and data protection, as well as operational integrity.

• Cyber-Physical Inventory Management: Establish an accurate and trusted ‘single source’ of information regarding the clients connected clinical and cyber-physical devices, ensuring ongoing and up-to-date device coverage and accuracy.
• Risk Management: Conduct cybersecurity risk analyses for new connected solutions, system integrations, as well as medical and cyber-physical device acquisitions, assuring adherence to best practices and organizational security policies.
• Policy Development and Enforcement: Contribute to the development, implementation, and enforcement of security policies and procedures tailored for the clients cyber-physical and connected systems environments.

• Team Collaboration: Work closely with client system operators, engineers and clinicians, ICT teams and other related departments to understand workflows and implement security solutions without disrupting continued ‘safe’ service delivery.
• Security Awareness: Develop and deliver targeted security awareness training for client operational staff, emphasizing the unique threats and responsibilities associated service delivery and data leakage prevention.

• Education: Bachelor's degree in Computer Science with a major in cybersecurity for connected computer systems and networks. A similar degree level qualification in information technology and security or a related field. Additionally, relevant cybersecurity exposure or experience would be advantageous. A Master's degree in the above would be a plus, but is not essential.
• Experience: Foundational knowledge of computer networking technologies and platforms. Previous experience or internship in a cybersecurity role or function. Proven experience in a cybersecurity analytics role or cybersecurity operations, a strong understanding of the healthcare environment and medical devices and systems would be advantageous. Proven experience in cybersecurity vulnerability and threat management, including cyber-risk assessments, pen-tests and audits. Familiarity with SOAR technologies, platforms, and 3rd party security tools, such as SIEMs & TMPs, NAC & Firewall solutions, NIDS/NIPS platforms, Vulnerability Assessment Tools, Patch Management Solutions, and endpoint protection solutions. Familiarity with xIoT/CPS/Clinical systems and platforms, such as SCADA, R-TAP, ICS/IACS, DCS, HIS/HIMS, PACS, HER, LIS, and similar systems. Familiarity with embedded operating systems and firmware, such as Embedded Windows (e.g. Windows CE), Linux (*NIX), RTOS, bespoke/industrial firmware, and similar operating systems. Familiarity with specialist protocols and communications found in xIoT/CPS/Clinical environments, such as SiMD, DICOM, HL7, IEC 61850, IEC 60870-5-101/104, DNP3, ModbusTCP, Profibus, EtherNet/IP, BacNET, and similar protocols. Exposure to digitization projects within a healthcare context, i.e. Smart Hospitals, EMR Integrations, connected imaging etc. Exposure to A.I. tools and platforms, such as; LLMs, MCPs, and related Agents.
• Certifications: Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Management (CISM), Certified Ethical Hacker (CEH) or CompTIA Security+ are highly desirable.
• Additional Skills: Strong analytical and problem-solving skills. Excellent communication skills to translate complex technical issues to various audiences, including non-technical individuals. Ability to work both independently and collaboratively within a multidisciplinary team. A proactive and detail-oriented approach to identifying and addressing security risks. Language fluency in English (to a technical level).