Who we are
You enjoy creating and innovating. You never stop striving for better. You take responsibility and you get results. You love being part of a team. Above all, you want your work to matter: Welcome to our world! At Sonova we create sense by bringing sound to life. Our innovative hearing care solutions help millions of people enjoy life's unforgettable moments.
We offer exceptional career opportunities through market-leading brands from consumer to medical, products and services that keep pushing hearing care forward, and a culture where you can quickly belong and perform at your best.
If you want the freedom to explore, opportunities to grow, and make positive change on people lives through your work, this is the place for you.
Join Sonova. Create sense.
Are you passionate about security engineering and cybersecurity risk management? Do you feel drive when you think about challenges of an efficient "Secure Software Development Lifecycle (SDLC)", "shifting security left" and security automation? Is finding and exploiting vulnerabilities in all sorts of software and IoT devices almost like a hobby for you?
Then this is a great opportunity for you to join our R&D product cybersecurity team and collaborate side-by-side with software developers, architects, project- and product managers to create secure medical products. Your main responsibility is to minimize data privacy and security risks of our mobile apps, cloud services, desktop applications and hearing aids through the entire product lifecycle. In this responsible position you will collaborate across business units with other departments such as corporate IT, legal and quality management.
- Identify and address cybersecurity and data privacy risks through the entire product lifecycle
- Conduct privacy impact assessments and threat modelling for products and services that we develop for our customers
- Ensure privacy and security principles are incorporated by design into our products and services
- Define, execute and establish security and data privacy verification activities such as development guidelines, reviews, SCA, SAST, DAST and penetration testing
- Perform and support vulnerability management for our products and services
- Support creation of privacy and security documentation including required regulatory evidence
- Contribute to security automation and development of DevSecOps practices
- Conduct security risk assessments, identify security risks, develop and propose appropriate remediation and mitigation options
- Evolve our privacy and security processes, methods and tools used for R&D product development and post-market monitoring
- Contribute into the development and execution of the corporate information security program
- Act as an ambassador of information security and risk matters; promote cyber security risk awareness across business functions
- Stay up-to-date on the latest cyber security trends, threats and risks
- Passionate about cybersecurity and data privacy
- BSc/MSc degree in computer science, software engineering or equivalent
- Ideally 5+ years of secure SDLC experience in regulated industry
- Specialization or further education in cybersecurity such as CISSP, GIAC or similar
- Result-oriented team player with a pragmatic approach and good communication skills
- Fluent in written and spoken English, German is a plus
We can offer you a new challenge, with interesting tasks and much more - including an open corporate culture, flat hierarchies, support for further training and development, opportunities to take on responsibility, an excellent range of foods, sports and cultural facilities, attractive employment conditions, and flexible working time models in various roles.
Daryl Alther, Manager Talent Acquisition, is looking forward to receiving your complete application via our online job application platform.
For this vacancy only direct applications will be considered.
+41 58 928 01 01