CRA Practice Lead – Secure Software Development (Remote)

We are seeking a CRA Practice Lead to establish and scale a cross-platform, cross-technology development and testing practice aligned with the EU Cyber Resilience Act (CRA). This role will focus on enabling secure-by-design software development, continuous compliance testing, and codebase certification across a wide range of technologies, platforms, and deployment models (cloud, edge, embedded, on-prem). You will lead a multidisciplinary team of engineers, testers, and compliance specialists to ensure our software products meet the highest standards of cybersecurity, resilience, and regulatory readiness.

- Define the vision, strategy, and operating model for a CRA-aligned secure development and certification practice.

- Build and lead a high-performing team across secure development, compliance testing, and DevSecOps.

- Collaborate with product, legal, and security teams to interpret CRA requirements and embed them into engineering workflows.

- Establish secure-by-design principles across diverse technology stacks (e.g., web, mobile, embedded, cloud-native, edge).

- Drive adoption of secure SDLC practices including threat modeling, secure architecture reviews, and secure coding standards.

- Ensure integration of security controls across heterogeneous environments and third-party components.

- Operationalize CRA-aligned testing and documentation processes across all software delivery pipelines.

- Lead the implementation of automated compliance checks, SBOM generation, and vulnerability management.

- Ensure traceability, audit readiness, and conformity assessment support for CRA and related regulations (e.g., NIS2, ISO 27001).

- Define and implement a technology-agnostic toolchain for secure development, testing, and compliance automation.

- Integrate security and compliance tooling into CI/CD pipelines across multiple platforms and languages.

- Promote reuse of security patterns, templates, and automation assets across teams.

- Act as the technical authority on CRA compliance for internal teams, partners, and clients.

- Support pre-sales, solutioning, and proposal development for CRA-related services.

- Represent the practice in regulatory, industry, and standards forums.

- 10+ years of experience in software engineering, cybersecurity, or compliance, with at least 3 years in a leadership role.

- Proven experience in secure software development across multiple platforms (e.g., cloud, mobile, embedded, edge).

- Strong understanding of cybersecurity regulations including CRA, NIS2, and global standards (e.g., ISO/IEC 27001, ENISA guidelines).

- Hands-on experience with secure SDLC, DevSecOps, and software composition analysis (SCA) tools.

- Familiarity with SBOM standards (e.g., SPDX, CycloneDX) and vulnerability disclosure processes.

- Excellent communication, leadership, and stakeholder management skills.

- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field.

- Experience working in regulated industries (e.g., MedTech, Industrial, Automotive, Fintech).

- Certifications such as CISSP, CSSLP, CISA, or CRA-specific credentials (when available).

- Exposure to open-source governance, third-party risk management, and secure supply chain practices.