Salary
💰 $82,400 - $123,600 per year
Tech Stack
Angular, Azure, Cyber Security, Java, Kotlin, Linux, .NET, Python, Rust, SDLC, Swift, TypeScript
About the role
- Collaborate with product development, quality, and maintenance teams to integrate cyber security into the secure product development lifecycle.
- Support the implementation of Sonova’s cross-divisional product cyber security strategy, roadmap, and security capabilities.
- Monitor cyber threats, regulatory changes, and industry trends; conduct security assessments and ensure compliance with relevant standards.
- Define and maintain product security policies, requirements, standards, and processes to mitigate risks and ensure confidentiality, integrity, and availability.
- Perform security verification activities, including design/code reviews, vulnerability scanning, and penetration testing, and manage vulnerability remediation.
- Contribute to DevSecOps automation and maintain security documentation, KPIs, and quality deliverables.
- Support incident response, investigations, and security awareness initiatives across the organization.
- Collaborate with internal teams, external partners, and customers on product security matters.
- Participate in R&D activities, agile planning, and interdisciplinary team collaboration; support knowledge sharing, hiring, and onboarding.
- Other duties as assigned.
- Travelling Requirement: Travel to other Sonova group-companies may be needed up to twice per year.
Requirements
- Bachelor’s degree in engineering or equivalent work experience
- At least 5 years of practical experience in software engineering, Software Development Life Cycle (SDLC), system design / architecture, and project management, with a minimum of 3 years in cyber security-related roles
- Ability to explain complex security topics to people without a security background
- Demonstrated competencies in current cybersecurity tools and technologies
- Experience with vulnerability identification and management
- Demonstrated knowledge of common attacker methodologies and/or threat modelling tools
- Knowledge of OWASP-10 and SANS CWE-25
- Familiarity with vulnerabilities of common wireless protocols such as RF, Bluetooth and Wi-Fi
- Data privacy experience
- Experience in a regulated industry, preferably medical devices (Class II/II+/III medical device experience)