Senior Cyber Security Engineer

Senior Cyber Security Engineer - Edinburgh, Hybrid

Our client is an established name in healthcare technology, developing solutions that sit at the intersection of patient safety and clinical innovation. As part of an ambitious project to build out their Edinburgh R&D teams to own the next generation of their flagship product, they are now looking to hire a Senior Cyber Security Engineer with previous experience in medical‑tech or healthcare.

• Salary up to £75,000
• Hybrid working - 3 days a week into the office
• 25 days annual leave - which increase in years of service
• Life insurance
• Pension
• Paid charity work days
• Healthcare cash plan
• ... and much more.

Rather than stepping into an existing security operation, you will be carving out the role itself. Sitting across product development, you will be the person engineering teams turn to when security decisions need to be made, from how a cloud environment is architected through to how a vulnerability is disclosed to a customer.

Our client operate in a tightly regulated space where the consequences of poor security practice extend well beyond data loss.

• Managing external‑facing security communications, from customer queries through to vulnerability and incident reporting
• Embedding security and privacy thinking into product development from the earliest design stages
• Running threat assessments and maintaining ongoing visibility of the risk landscape across assigned products
• Serving as the internal expert voice on cybersecurity within product, engineering, and quality conversations
• Keeping the business on the right side of a demanding regulatory framework spanning multiple international standards
• Owning the investigation and resolution of any security incidents or complaints tied to their product portfolio

• Experience in a healthcare or medical device environment
• Strong command of NIST 800
• Strong experience in Cloud Security (AWS/Azure/GCP)
• Proven track record managing product security in a regulated healthcare or medical device setting
• Regulatory landscape such as FDA guidance, HIPAA, GDPR, ISO 13485, ISO 14971, AAMI TIR 57, ISO 27001 series, and 21 CFR 820 among others
• Technical credibility across cloud architecture, network security, OS hardening across Windows and Linux environments, and secure software development practices

This is a chance to define how security is done within a business that genuinely cannot afford to get it wrong, and to do so with the backing and resource of a well‑established global organisation.

The role offers real autonomy, a direct line into product and engineering leadership, and the kind of career‑defining scope that comes with building something from nothing.

Bright Purple is an equal opportunities employer: we are proud to work with clients who share our values of diversity and inclusion in our industry.