Senior Cyber Security Engineer in Edinburgh, Scotland

At Spacelabs Healthcare, we are on a mission to provide continuous innovation in healthcare technology for better clinical and economic outcomes. Our scalable solutions deliver critical patient data across local and remote systems, enable better-informed decisions, increase efficiencies, and create a safer environment for patients.

The Spacelabs Privacy and Security Program is a shared service model with responsibility for Cybersecurity and Privacy by Design, Compliance, Security Testing and Incident Response. As a Spacelabs Senior Cybersecurity Engineer, you are responsible for cybersecurity and privacy functions for our Products. The role collaborates with Spacelabs Project Teams to ensure the product privacy and security posture. This role includes managing:

• Represent the Spacelabs Cybersecurity and Privacy Team
• Lead Product cross-functional team members to complete all technical aspects of product cyber security tasks and initiatives; be the Product Owner for Cybersecurity
• Ensure the Confidentiality, Integrity and Availability of Spacelabs Cloud Products and solutions
• Lead Cybersecurity and Privacy by Design and by Default for the assigned projects
• Represent cyber security with the product development teams to ensure cyber security and privacy is being designed into products
• Represent cybersecurity and privacy in the Risk Assessment as a subject matter expert including: cybersecurity threat management process continuous technical analysis and monitoring of cyber security signals
• Lead customer cybersecurity and Privacy assurance, including Product Security communications content such as: Product Labeling, completion of security inquiries, complaint and vulnerability reports, and provide consistent cybersecurity and privacy guidance to Spacelabs and Customer
• Lead Cybersecurity and Privacy Complaint Event and Incident Investigation

Requirements:

• 10 years of Cybersecurity and Privacy Compliance
• 5-10 years of Cloud Security Experience (AWS preferred)
• 5 years experience leading product cyber security projects and risk management activities in medical device or healthcare domain (preferred)
• Experience in cross-functional cyber security activities including Product Defense in Depth, security technology, regulatory compliance and incident response
• Domain specific standards and approaches on privacy and product security (ISO 2700x, NIST 800 Series Special Publications)
• Knowledgeable and experienced with laws and regulations on cyber security, privacy, data protection and breach notification (e.g.: FDA cyber security guidelines, 95/46/ED, HIPAA, GDPR, ISO 13485, ISO 14971, ISO 27001/27017/27018, ISO 30111; AAMI TIR 57; 21CFR820, SB1386, etc.)
• Experience in designing or leading software products using Secure SDLC
• Thorough understanding of securing and hardening Windows and Linux operating systems
• Thorough understanding of networking and network security
• Thorough understanding of Operating Systems, Operating Systems Security (e.g. hardening)
• Thorough understanding of Web Server Security
• Thorough understanding of Database Security
• Thorough understanding of Cloud Design and Architecture
• Thorough understanding of Security by Design and by Default for Cloud solutions (infrastructure, Application and Operational Security)
• Thorough understanding of AWS Cloud Security Best Practices
• Cyber security training and certification such as CISSP/CISM/CISA, Security; Cloud Security Alliance, SANS Cloud Security
• Bachelor's Degree plus a minimum of 15 years of related experience or Master's Degree plus a minimum of 10 years of related experience or waiver based on experience. Degree should be in a technical discipline such as Computer Science, Information Security, Cybersecurity or Software Engineering.