CRA Lead – Secure Software Development

CRA Lead – Secure Software Development  Reports To: CRA Practice Lead Department: Cyber Resilience & Compliance Engineering

About Us

At Codvo, we are committed to building scalable, future-ready data platforms that power business impact. We believe in a culture of innovation, collaboration, and growth, where engineers can experiment, learn, and thrive. Join us to be part of a team that solves complex data challenges with creativity and cutting-edge technology.

About the Role We are seeking a CRA Lead to establish and scale a cross-platform, cross-technology development and testing practices aligned with the EU Cyber Resilience Act (CRA). This role will focus on enabling secure-by-design software development, continuous compliance testing, and codebase certification across a wide range of technologies, platforms, and deployment models (cloud, edge, embedded, on-prem).   Key Responsibilities Practice Leadership - Execute the vision, strategy, and operating model for a CRA-aligned secure development and certification practice. - Build and lead a high-performing team across secure development, compliance testing, and DevSecOps. - Collaborate with product, legal, and security teams to interpret CRA requirements and embed them into engineering workflows. Secure Development & Architecture - Establish secure-by-design principles across diverse technology stacks (e.g., web, mobile, embedded, cloud-native, edge). - Drive adoption of secure SDLC practices including threat modeling, secure architecture reviews, and secure coding standards. - Ensure integration of security controls across heterogeneous environments and third-party components. Compliance & Certification - Operationalize CRA-aligned testing and documentation processes across all software delivery pipelines. - Lead the implementation of automated compliance checks, SBOM generation, and vulnerability management. - Ensure traceability, audit readiness, and conformity assessment support for CRA and related regulations (e.g., NIS2, ISO Tooling & Automation - Implement a technology-agnostic toolchain for secure development, testing, and compliance automation. - Integrate security and compliance tooling into CI/CD pipelines across multiple platforms and languages. - Promote reuse of security patterns, templates, and automation assets across teams. Stakeholder Engagement - Act as the technical authority on CRA compliance for internal teams, partners, and clients. - Support pre-sales, solutioning, and proposal development for CRA-related services. - Represent the practice in regulatory, industry, and standards forums. Required Skills & Experience years of experience in software engineering, cybersecurity, or compliance, with at least 2 years in a lead/senior role. - Proven experience in secure software development across multiple platforms (e.g., cloud, mobile, embedded, edge). - Good understanding of cybersecurity regulations including CRA, NIS2, and global standards - Hands-on experience with secure SDLC, DevSecOps, and software composition analysis (SCA) tools. - Familiarity with SBOM standards (e.g., SPDX, CycloneDX) and vulnerability disclosure processes. - Excellent communication, leadership, and stakeholder management skills. Preferred Qualifications - Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field. - Experience working in regulated industries (e.g., MedTech, Industrial, Automotive, Fintech). - Exposure to open-source governance, third-party risk management, and secure supply chain practices. Why Join Us? - Lead a pioneering practice at the intersection of cybersecurity, compliance, and software engineering. - Work on high-impact projects across industries and platforms. - Collaborate with a world-class team across AI, Edge, Cloud, and IoT domains. - Be part of a mission to build resilient, compliant, and trustworthy digital systems.

---