CRA Lead – Secure Software Development

CRA Lead – Secure Software Development

Reports To: CRA Practice Lead

Department: Cyber Resilience & Compliance Engineering

About Us

At Codvo, we are committed to building scalable, future-ready data platforms that power business impact. We believe in a culture of innovation, collaboration, and growth, where engineers can experiment, learn, and thrive. Join us to be part of a team that solves complex data challenges with creativity and cutting-edge technology.

About the Role

We are seeking a CRA Lead to establish and scale a cross-platform, cross-technology development and testing practices aligned with the EU Cyber Resilience Act (CRA). This role will focus on enabling secure-by-design software development, continuous compliance testing, and codebase certification across a wide range of technologies, platforms, and deployment models (cloud, edge, embedded, on-prem).

Key Responsibilities

Practice Leadership

• Execute the vision, strategy, and operating model for a CRA-aligned secure development and certification practice.
• Build and lead a high-performing team across secure development, compliance testing, and DevSecOps.
• Collaborate with product, legal, and security teams to interpret CRA requirements and embed them into engineering workflows.

Secure Development & Architecture

• Establish secure-by-design principles across diverse technology stacks (e.g., web, mobile, embedded, cloud-native, edge).
• Drive adoption of secure SDLC practices including threat modeling, secure architecture reviews, and secure coding standards.
• Ensure integration of security controls across heterogeneous environments and third-party components.

Compliance & Certification

• Operationalize CRA-aligned testing and documentation processes across all software delivery pipelines.
• Lead the implementation of automated compliance checks, SBOM generation, and vulnerability management.
• Ensure traceability, audit readiness, and conformity assessment support for CRA and related regulations (e.g., NIS2, ISO

Tooling & Automation

• Implement a technology-agnostic toolchain for secure development, testing, and compliance automation.
• Integrate security and compliance tooling into CI/CD pipelines across multiple platforms and languages.
• Promote reuse of security patterns, templates, and automation assets across teams.

Stakeholder Engagement

• Act as the technical authority on CRA compliance for internal teams, partners, and clients.
• Support pre-sales, solutioning, and proposal development for CRA-related services.
• Represent the practice in regulatory, industry, and standards forums.

Required Skills & Experience

• 7-10 years of experience in software engineering, cybersecurity, or compliance, with at least 2 years in a lead/senior role.
• Proven experience in secure software development across multiple platforms (e.g., cloud, mobile, embedded, edge).
• Good understanding of cybersecurity regulations including CRA, NIS2, and global standards
• Hands-on experience with secure SDLC, DevSecOps, and software composition analysis (SCA) tools.
• Familiarity with SBOM standards (e.g., SPDX, CycloneDX) and vulnerability disclosure processes.
• Excellent communication, leadership, and stakeholder management skills.

Preferred Qualifications

• Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field.
• Experience working in regulated industries (e.g., MedTech, Industrial, Automotive, Fintech).
• Exposure to open-source governance, third-party risk management, and secure supply chain practices.

Why Join Us?

• Lead a pioneering practice at the intersection of cybersecurity, compliance, and software engineering.
• Work on high-impact projects across industries and platforms.
• Collaborate with a world-class team across AI, Edge, Cloud, and IoT domains.
• Be part of a mission to build resilient, compliant, and trustworthy digital systems.