CRA Lead – Secure Software Development
Reports To: CRA Practice Lead
Department: Cyber Resilience & Compliance Engineering
About Us
At Codvo, we are committed to building scalable, future-ready data platforms that power business impact. We believe in a culture of innovation, collaboration, and growth, where engineers can experiment, learn, and thrive. Join us to be part of a team that solves complex data challenges with creativity and cutting-edge technology.
About the Role
We are seeking a CRA Lead to establish and scale cross-platform, cross-technology development and testing practices aligned with the EU Cyber Resilience Act (CRA). This role will focus on enabling secure-by-design software development, continuous compliance testing, and codebase certification across a wide range of technologies, platforms, and deployment models (cloud, edge, embedded, on-prem).
Key Responsibilities
Practice Leadership
- Execute the vision, strategy, and operating model for a CRA-aligned secure development and certification practice.
- Build and lead a high-performing team across secure development, compliance testing, and DevSecOps.
- Collaborate with product, legal, and security teams to interpret CRA requirements and embed them into engineering workflows.
Secure Development & Architecture
- Establish secure-by-design principles across diverse technology stacks (e.g., web, mobile, embedded, cloud-native, edge).
- Drive adoption of secure SDLC practices including threat modeling, secure architecture reviews, and secure coding standards.
- Ensure integration of security controls across heterogeneous environments and third-party components.
Compliance & Certification
- Operationalize CRA-aligned testing and documentation processes across all software delivery pipelines.
- Lead the implementation of automated compliance checks, SBOM generation, and vulnerability management.
- Ensure traceability, audit readiness, and conformity assessment support for CRA and related regulations (e.g., NIS2, ISO 27001).
Tooling & Automation
- Implement a technology-agnostic toolchain for secure development, testing, and compliance automation.
- Integrate security and compliance tooling into CI/CD pipelines across multiple platforms and languages.
- Promote reuse of security patterns, templates, and automation assets across teams.
Stakeholder Engagement
- Act as the technical authority on CRA compliance for internal teams, partners, and clients.
- Support pre-sales, solutioning, and proposal development for CRA-related services.
- Represent the practice in regulatory, industry, and standards forums.
Required Skills & Experience
- 7-10 years of experience in software engineering, cybersecurity, or compliance, with at least 2 years in a lead/senior role.
- Proven experience in secure software development across multiple platforms (e.g., cloud, mobile, embedded, edge).
- Good understanding of cybersecurity regulations including CRA, NIS2, and global standards.
- Hands-on experience with secure SDLC, DevSecOps, and software composition analysis (SCA) tools.
- Familiarity with SBOM standards (e.g., SPDX, CycloneDX) and vulnerability disclosure processes.
- Excellent communication, leadership, and stakeholder management skills.
Preferred Qualifications
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field.
- Experience working in regulated industries (e.g., MedTech, Industrial, Automotive, Fintech).
- Exposure to open-source governance, third-party risk management, and secure supply chain practices.
Why Join Us?
- Lead a pioneering practice at the intersection of cybersecurity, compliance, and software engineering.
- Work on high-impact projects across industries and platforms.
- Collaborate with a world-class team across AI, Edge, Cloud, and IoT domains.
- Be part of a mission to build resilient, compliant, and trustworthy digital systems.