Job Description

Principal Engineer, Product Cyber Security Systems

Hybrid | Valencia, CA

This highly technical role serves as a key subject matter expert (SME) in product cybersecurity, supporting the secure design, development, and maintenance of Advanced Bionics products and services. You will partner cross-functionally across R&D, Quality, Product Development, and Global Cyber Security teams to ensure cybersecurity best practices are embedded into the product lifecycle.

What you’ll do

• Serve as the SME for product cybersecurity risk assessments, including threat modeling, vulnerability management, impact assessments, and security test planning

• Collaborate with the Sonova Global Product Cyber Security Center of Expertise (CoE) to implement cybersecurity strategy and roadmap initiatives

• Ensure secure design, development, and maintenance of hardware, embedded software, smart device applications, and PC software products

• Lead cybersecurity risk assessments and security verification activities, including code reviews, vulnerability scanning, penetration testing, and validation activities

• Monitor evolving cyber threats, regulatory requirements, and industry standards, conducting gap assessments and recommending mitigation strategies

• Define and maintain cybersecurity policies, standards, controls, and secure product development practices

• Support vulnerability management, incident response activities, and customer complaint investigations related to cybersecurity

• Partner with internal and external stakeholders, including regulatory bodies, customers, and cross-functional product teams

• Drive continuous improvement and automation of cybersecurity practices, including DevSecOps initiatives

• Mentor product development and quality teams on secure product development lifecycle best practices

What you bring

• Bachelor’s degree with 10+ years of relevant experience or Master’s degree with 8+ years of experience in Engineering, Computer Science, Cyber Security, or related technical discipline

• 10+ years of practical experience in software engineering, SDLC, systems architecture, and project management

• 5+ years of cybersecurity-related experience

• Strong expertise in threat modeling, security assessments, vulnerability management, and secure product development

• Excellent analytical, problem-solving, and communication skills

• Ability to communicate complex technical cybersecurity concepts to both technical and non-technical audiences

• Experience working cross-functionally in a highly collaborative environment

Preferred qualifications

• Previous medical device industry experience

• Knowledge of secure SDLC, CI/CD, cryptography, authentication and authorization protocols (OAuth2, WebAuthn)

• Familiarity with cybersecurity standards and frameworks including OWASP Top 10, SANS CWE-25, GDPR, MDR, FDA, and HIPAA

• Experience with programming languages such as C, C++, C#, Java, Swift, Kotlin, TypeScript, Rust, Python, PowerShell, or Bash

• Experience with Bluetooth, Wi-Fi, TLS, embedded systems, penetration testing, and wireless protocol security

A minimum of 200Mb/sec download and 10Mb/sec upload speed internet connectivity is required to support any remote/hybrid employee functionality at Sonova

Don't meet all the criteria? If you’re willing to go all in and learn we'd love to hear from you!

We are looking forward to receiving your application via our online job application platform. For this position only direct applications will be considered. Sonova does not recruit via app, telegram, carrier pigeon or any other format that does not include speaking with an actual human. If you are offered a job without speaking with someone please contact Sonova Human Resources

What we offer

• Medical, dental and vision coverage*
• Health Savings, Health Reimbursement, Flexible Spending/Dependent Care Accounts
• TeleHealth options
• 401k plan with company match*
• Company paid life/ad&d insurance
  • Additional supplemental life/ad&d coverage available
• Company paid Short/Long-Term Disability coverage (STD/LTD)
  • STD LTD Buy-ups available
• Accident/Hospital Indemnity coverage
• Legal/ID Theft Assistance
• PTO (or sick and vacation time), floating Diversity Day, & paid holidays*
• Paid parental bonding leave
• Employee Assistance Program (24/7 mental health support hotline, 5 company paid counseling sessions and more)
• Robust Internal Career Growth opportunities
• Tuition reimbursement
• Hearing aid discount for employees and family
• Internal social recognition platform

This role's pay range is between $131,560/yr - $197,340/yr. This role is also bonus eligible.

*Plan rules/offerings dependent upon group Company/location.