Principal Engineer, Cybersecurity Job Details | Sonova AG
$120,000 - $180,000/Yr
Sonova - Valencia, CA
posted 16 days ago
Full-time - Senior
Hybrid - Valencia, CA
Computer and Electronic Product Manufacturing
About the position
The Principal Engineer, Product Cyber Security performs complex work in research, design and development of new or existing Software products, tools and processes required for the operation, maintenance and testing of products. Cyber Security of the Advanced Bionics products and services has been recognized as very important for our customers and for Advanced Bionics business success.
Responsibilities
- Serve as the SME for product cybersecurity risk assessments including threat modeling, asset tracking, vulnerability/defect identification and management, impact assessment, risk control measure development, and security test planning.
- Collaborate with and contribute to the Sonova Global Product Cyber Security Center of Expertise (CoE).
- Implement Advanced Bionics Product Cyber Security strategy and roadmap, building necessary capabilities to execute projects.
- Continuously monitor and manage Product cyber risks to ensure confidentiality, integrity, and resilience of Sonova products and services.
- Report on the effectiveness of security controls.
- Ensure the secure design, development, and maintenance of products, platforms, and services.
- Lead and mentor product development, quality, and maintenance teams in cyber security and secure product development lifecycle practices.
- Contribute to the development and implementation of Sonova's cross-divisional product cyber security strategy.
- Monitor threats and regulatory landscapes, conducting gap assessments against standards and frameworks.
- Identify security requirements for business processes and products.
- Define, implement, and maintain global and Advanced Bionics-specific product security policies, standards, controls, and processes.
- Provide guidance on secure design, development, and maintenance of products, software applications, platforms, and services.
- Conduct threat modeling and cyber risk assessments.
- Define and execute security verification and validation tasks, such as design and code reviews, static and dynamic code analysis, vulnerability scanning, and penetration testing.
- Perform and support vulnerability management for products and services.
- Support the creation of security documentation and required quality management deliverables.
- Drive and contribute to the automation of security practices (DevSecOps).
- Measure and report on the effectiveness of security controls using meaningful KPIs.
- Act as an ambassador for information security and cyber risk, promoting awareness and a secure culture within the organization.
- Provide guidance on product cyber security topics and risks to relevant stakeholders.
- Support cyber security incident management, response, and customer complaint processes.
- Initiate periodic Product Security Health Checks/Risk Assessments and manage mitigation measures.
- Drive continuous improvement in your area of responsibility.
- Support security reviews, internal, and external audits.
- Communicate and report product security risk status to senior and product management.
- Build and maintain relationships with internal stakeholders and external partners.
- Support communication with external stakeholders, including customers, authorities, and other third parties related to product security.
- Stay updated on current Cyber Security trends, best practices, technologies, regulatory requirements, and risks.
- Work with the Director of Product Cyber Security Center of Expertise to set strategic direction and planning for product security risk.
Requirements
- Higher level engineering degree: Bachelor's with 10+ years relevant experience or Master's with 8+ years relevant experience.
- Further education and specialization in cybersecurity.
- 10+ years of practical experience in software engineering, Software Development Life Cycle (SDLC), system design/architecture, and project management.
- 5+ years in cyber security related roles.
Nice-to-haves
- Expertise in secure software development lifecycle practices.
- Knowledge of continuous integration and continuous delivery processes.
- Proficiency in cryptographic methods.
- Familiarity with protocols such as OAuth2 and WebAuthn.
- Experience in securing applications.
- Skilled in identifying and managing vulnerabilities.
- Ability to conduct security audits.
- Capable of communicating security-related information to external stakeholders.
- Knowledge of security and privacy frameworks and standards.
- Understanding of relevant regulations such as GDPR, MDR, FDA, and HIPAA.
- Experience with artificial intelligence applications.
Benefits
- Medical, dental and vision coverage
- Health Savings, Health Reimbursement, Flexible Spending/Dependent Care Accounts
- TeleHealth options
- 401k plan with company match
- Company paid life/ad&d insurance
- Additional supplemental life/ad&d coverage available
- Company paid Short/Long-Term Disability coverage (STD/LTD)
- STD LTD Buy-ups available
- Accident/Hospital Indemnity coverage
- Legal/ID Theft Assistance
- PTO (or sick and vacation time), floating Diversity Day, & paid holidays
- Paid parental bonding leave
- Employee Assistance Program (24/7 mental health support hotline, 5 company paid counseling sessions and more)
- Robust Internal Career Growth opportunities
- Tuition reimbursement
- Hearing aid discount for employees and family
- Internal social recognition platform
- D&I focused: D&I council and employee resource groups
