About the role
Kitchener (ON), Canada
Product Cybersecurity Expert
Research & Development | Hybrid
Help secure the future of connected hearing care. As our Product Cybersecurity Expert in R&D, you will help protect the products and digital experiences that improve hearing health and human connection worldwide.
In this role, you will combine product cybersecurity expertise with technical leadership responsibilities, supporting secure design, threat modeling, vulnerability management, DevSecOps integration, and regulatory evidence for connected medical devices while collaborating across global R&D, quality, regulatory, and product teams.
WHAT YOU’LL DO
Embed cybersecurity across the secure product lifecycle for connected medical devices, embedded platforms, firmware, mobile apps, and cloud-based services
Lead threat modeling, product cybersecurity risk assessments, and mitigation planning with global R&D teams
Integrate security checks and tooling into development workflows and CI/CD pipelines to find and address issues early
Drive product vulnerability management for Sonova products, including intake, triage, remediation tracking, and post-market monitoring
Prepare audit-ready cybersecurity evidence for regulatory submissions and quality processes, including FDA, MDR, and IEC 81001-5-1 expectations
Plan and coordinate security testing with internal teams and external partners; analyze findings and drive remediation
Advise product, engineering, quality, and regulatory stakeholders on practical, risk-based security decisions
Strengthen cybersecurity capability through coaching, security champions, and cross-functional collaboration
WHAT YOU BRING
5+ years of experience in software engineering, system/software architecture, product development, project management, or DevSecOps, including 3+ years in cybersecurity
Strong practical knowledge of secure SDLC, threat modeling, security assessments, security testing, and vulnerability management
Experience translating security risks and technical findings into clear decisions for engineering, product, quality, and leadership audiences
Understanding of modern development workflows, CI/CD, and how to integrate security without slowing innovation
Knowledge of cryptography, authentication protocols, cloud and software supply chain security
Basic understanding of AI technology and associated threats; hands-on experience using AI technology
Higher-level engineering degree or equivalent experience, with further education or specialization in cybersecurity
Excellent English communication skills and the ability to influence across distributed, cross-functional teams
NICE TO HAVE
Experience in medical devices, healthcare, or another regulated product environment
Security certifications such as ISC2/CISSP, GIAC, or equivalent accredited programs
Working knowledge of Privacy by Design principles
A minimum of 200Mb/sec download and 10Mb/sec upload speed internet connectivity is required to support any remote/hybrid employee functionality at Sonova.

Don't meet all the criteria? If you’re willing to go all in and learn, we'd love to hear from you!

We are looking forward to receiving your application via our online job application platform. For this position only direct applications will be considered. Sonova does not recruit via app, telegram, carrier pigeon or any other format that does not include speaking with an actual human. If you are offered a job without speaking with someone, please contact wholesale.HR@sonova.com.

This role's pay range is between: $112,000 - $140,000. This role is also bonus eligible.

How we work: At Sonova, we prioritize the well-being of our employees and foster an inclusive environment that promotes engagement and collaboration. Our team-customized hybrid work model empowers teams to balance individual needs with business goals, offering flexibility and individualized time management. We recognize the importance of life outside of work and strive to create a supportive and motivating workplace where innovation thrives.