Senior Engineer, Product Cyber Security Systems

Who we are

In a life without sound, our work provides meaning. As a leading provider of innovative hearing care solutions, we are not just a company that makes products: we are a team on a mission to help people enjoy the delight of hearing. To enable a life without limitations, through our core business brands – Advanced Bionics, Audiological Care, Phonak, Sennheiser (under license) and Unitron – we develop, manufacture and distribute solutions that push the limits of technology and redefine the future of our industry.

 

Senior Engineer, Product Cyber Security Systems (Hybrid OR Remote)

 

The Senior Product Cyber Security Systems Engineer role focuses on supporting the cyber security efforts for products and end-consumer services brought to the market by Advanced Bionics. In collaboration with Sonova’s Product Cyber Security Center of Expertise, this position helps maintain robust product security practices, ensuring that products are protected against cyber security threats and compliant with regulatory requirements.

 

Responsibilities:

• Support Product Development: Collaborate with product development, quality, and maintenance teams at Advanced Bionics, providing guidance on product cyber security and secure product development lifecycle.
• Contribute to Cyber Security Strategy: Assist in the development and implementation of Sonova's cross-divisional product cyber security strategy, roadmap, and required security capabilities, ensuring adoption within Advanced Bionics.
• Threat Monitoring: Stay up-to-date with cyber threat and regulatory landscapes, conducting assessments against established standards and frameworks.
• Security Requirements: Assist in identifying relevant security requirements for business processes and products to ensure they are resilient against cyber threats.
• Product Security Policies: Help define, implement, and maintain product security policies, standards, controls, and processes, managing cyber security risks for Advanced Bionics.
• Secure Product Development: Provide input on secure design, development, and maintenance of products, software applications, platforms, and services, working closely with the relevant teams to ensure security is integrated into the development process.
• Security Verification: Conduct and support security verification tasks, including design and code reviews, vulnerability scanning, and penetration testing, collaborating with internal teams and external partners.
• Vulnerability Management: Perform and support vulnerability management activities for the products and services under scope.
• Automation of Security Practices: Contribute to the automation of security practices (DevSecOps) to streamline security processes.
• Security Documentation: Assist in creating and maintaining security documentation, including required quality management deliverables.
• Security Control Metrics: Measure the effectiveness of security controls, define KPIs, and report them to management.
• Product Risk Monitoring: Monitor and assess product cyber risks, helping to ensure product confidentiality, integrity, and availability.
• Security Awareness: Act as an advocate for cyber security best practices within the organization, promoting a culture of security awareness and risk management.
• Incident Management: Provide support in cyber security incident management and response, and participate in incident investigations and tabletop exercises.
• Continuous Improvement: Contribute to continuous improvement initiatives within the product security domain.
• Collaboration and Communication: Work closely with internal stakeholders, external partners, and customers, supporting communication related to product security matters.
• Stay Current on Trends: Keep up with industry trends, best practices, and regulatory requirements to ensure the company’s security posture is always evolving.

General R&D Tasks and Responsibilities:

• Follow Advanced Bionics’ standard operating procedures according to training requirements.
• Contribute to product development by participating in planning, review, and refinement processes.
• Collaborate with interdisciplinary development teams in an agile environment.
• Share and acquire knowledge within the R&D community.
• Support the hiring and onboarding processes for new team members.
• Other duties as assigned.

Travelling Requirement: If working remotely, travel to the Valencia CA site may be required as needed. Travel to other Sonova group-companies may be needed up to twice per year.

 

 

More about you:

 

Education

• Bachelor’s degree or equivalent in engineering Higher level engineering degree (Bachelor or Master) or equivalent work experience

Nice to Have

• Master’s degree or higher in engineering.

 

 

Further Education

• Further education and specialization in cybersecurity

Nice to Have

• Professional security certifications

 

 

Work Experience

At least 5 years of practical experience in the following areas:

• Software engineering
• Software Development Life Cycle (SDLC)
• System design / architecture
• Project management

With a minimum of 3 years in cyber security related roles.

Nice to Have

• Data privacy
• CI/CD, DevSecOps
• Experience in regulated
• industry, preferably medical
• devices
• Class II/II+/III medical device
• experience
• Data privacy experience

 

 

Personal Competencies

• Dynamic person, willing to shape and change processes, distinctively analytical, assertive, independent and target-oriented, expresses empathy, expertise and determination.
• Pragmatic approach. Excellent written English communication skills.
• Excellent analytical and problem-solving skills.
• Logical thinking in high pressure situations.
• Meticulous attention to detail
• Ability to perform under pressure.

 

 

Social Competencies

• Ability to communicate convincingly to all levels of staff and management, with the ability to communicate technical concepts in business terms to various audiences.
• Team player
• Able to work in a distributed, diverse collaboration environment.
• Ability to establish and foster cooperative relationships and networking across teams.
• Ability to manage multiple simultaneous conflicting tasks and demands.

 

 

Leadership Competencies

• Line and project management experience
• Able to make conscious decisions
• Able to lead teams and other with only informal authority

 

 

Professional Competencies

• Ability to explain complex security topics to people without security background
• Ability to effectively integrate information from varied disciplines including multiple engineering disciplines, marketing and regulatory affairs
• Threat modelling, security assessments, security verification, security engineering
• Demonstrated competencies in current cybersecurity tools and technologies
• Experience with vulnerability identification and management
• Demonstrated knowledge of common attacker methodologies and/or threat modelling tools
• Comfort with technical and business issues/requirements, sound business understanding.
• Strategic ability and aptitude.
• Stay up-to-date on the current Cyber Security trends, best practices, technologies, regulatory requirements and risks
• Knowledge of OWASP-10 and SANS CWE-25

Nice to Have

• Secure SDLC practices
• CI/CD
• Cryptography
• Authentication and authorization protocols and methods such as OAuth2 and WebAuthn
• Application security
• Vulnerability management
• Security audit
• Security-relevant communication to external stakeholders
• Security and privacy frameworks and standards
• Relevant regulations (e.g. GDPR, MDR, FDA, HIPAA,..)
•  AI

Practical experience with:

• Programming languages such as C, C++, C#, Java, Swift, Kotlin, TypeScript, Rust
• Scripting languages such as: Python, PowerShell, bash
• Software frameworks and services such as: .NET Fwk, .Net Core, Angular, Azure
•  Communication protocols and security protocols such as Bluetooth (Classic, LE), WLAN, TLS
• Strong process/project management capabilities.
• Smart device, PC and embedded software code.
• Familiarity with vulnerabilities of common wireless protocols such as RF, Bluetooth and Wi-Fi.
• Experience with penetration

 

 

Language(s)/ Level

• English/ Fluent

Nice to Have

• German/ Basics  

 

 

IT Skills

• Good working knowledge of Windows, MS Office, Linux, Mac

Nice to Have

• Confluence, MS Teams, Polarion, Jira

 

Further Requirements: Flexibility, stress tolerance, able to perform under pressure.

 

A minimum of 200Mb/sec download and 10Mb/sec upload speed internet connectivity is required to support any remote/hybrid employee functionality at Sonova

Don't meet all the criteria?  If you’re willing to go all in and learn we'd love to hear from you! 

 

 

 What we offer:

• Medical, dental and vision coverage*
• Health Savings, Health Reimbursement, Flexible Spending/Dependent Care Accounts
• TeleHealth options
• 401k plan with company match*
• Company paid life/ad&d insurance
  • Additional supplemental life/ad&d coverage available
• Company paid Short/Long-Term Disability coverage (STD/LTD)
  • STD LTD Buy-ups available
• Accident/Hospital Indemnity coverage
• Legal/ID Theft Assistance
• PTO (or sick and vacation time), floating Diversity Day, & paid holidays*
• Paid parental bonding leave
• Employee Assistance Program (24/7 mental health support hotline, 5 company paid counseling sessions and more)
• Robust Internal Career Growth opportunities
• Tuition reimbursement
• Hearing aid discount for employees and family
• Internal social recognition platform
• D&I focused: D&I council and employee resource groups

*Plan rules/offerings dependent upon group Company/location.

This role's pay range is between $82,400/yr - $123,600/yr (based on location). This role is also bonus eligible. 

 

How we work:

At Sonova, we prioritize the well-being of our employees and foster an inclusive environment that promotes engagement and collaboration. Our team-customized hybrid work model empowers teams to balance individual needs with business goals, offering flexibility and individualized time management. We recognize the importance of life outside of work and strive to create a supportive and motivating workplace where innovation thrives.