Principal Engineer, Cybersecurity

About The Position

Requirements

• Bachelor’s degree with 10+ years of relevant experience or Master’s degree with 8+ years of experience in Engineering, Computer Science, Cyber Security, or related technical discipline
• 10+ years of practical experience in software engineering, SDLC, systems architecture, and project management
• 5+ years of cybersecurity-related experience
• Strong expertise in threat modeling, security assessments, vulnerability management, and secure product development
• Excellent analytical, problem-solving, and communication skills
• Ability to communicate complex technical cybersecurity concepts to both technical and non-technical audiences
• Experience working cross-functionally in a highly collaborative environment

Nice To Haves

• Previous medical device industry experience
• Knowledge of secure SDLC, CI/CD, cryptography, authentication and authorization protocols (OAuth2, WebAuthn)
• Familiarity with cybersecurity standards and frameworks including OWASP Top 10, SANS CWE-25, GDPR, MDR, FDA, and HIPAA
• Experience with programming languages such as C, C++, C#, Java, Swift, Kotlin, TypeScript, Rust, Python, PowerShell, or Bash
• Experience with Bluetooth, Wi-Fi, TLS, embedded systems, penetration testing, and wireless protocol security

Responsibilities

• Serve as the SME for product cybersecurity risk assessments, including threat modeling, vulnerability management, impact assessments, and security test planning
• Collaborate with the Sonova Global Product Cyber Security Center of Expertise (CoE) to implement cybersecurity strategy and roadmap initiatives
• Ensure secure design, development, and maintenance of hardware, embedded software, smart device applications, and PC software products
• Lead cybersecurity risk assessments and security verification activities, including code reviews, vulnerability scanning, penetration testing, and validation activities
• Monitor evolving cyber threats, regulatory requirements, and industry standards, conducting gap assessments and recommending mitigation strategies
• Define and maintain cybersecurity policies, standards, controls, and secure product development practices
• Support vulnerability management, incident response activities, and customer complaint investigations related to cybersecurity
• Partner with internal and external stakeholders, including regulatory bodies, customers, and cross-functional product teams
• Drive continuous improvement and automation of cybersecurity practices, including DevSecOps initiatives
• Mentor product development and quality teams on secure product development lifecycle best practices

Benefits

• Medical, dental and vision coverage
• Health Savings, Health Reimbursement, Flexible Spending/Dependent Care Accounts
• TeleHealth options
• 401k plan with company match
• Company paid life/ad&d insurance
• Additional supplemental life/ad&d coverage available
• Company paid Short/Long-Term Disability coverage (STD/LTD)
• STD LTD Buy-ups available
• Accident/Hospital Indemnity coverage
• Legal/ID Theft Assistance
• PTO (or sick and vacation time), floating Diversity Day, & paid holidays
• Paid parental bonding leave
• Employee Assistance Program (24/7 mental health support hotline, 5 company paid counseling sessions and more)
• Robust Internal Career Growth opportunities
• Tuition reimbursement
• Hearing aid discount for employees and family
• Internal social recognition platform