- Conduct cyber risk assessments before placing products on the EU market and ensure products have no known exploitable vulnerabilities at launch. Ensure compliance with Annex I requirements (encryption, data integrity, authentication, access control).
- Provide security updates/patches throughout the product lifecycle; run vulnerability intake/triage/prioritization/patch development/distribution/verification. For actively exploited vulnerabilities or severe product-impacting incidents, use the unified reporting platform (ENISA): initial alert within 24 hours, detailed notification within 72 hours, final report (for vulnerabilities: within 14 days after patch availability). Notify both the relevant CSIRT/coordinator and ENISA.
3. Conformity assessment & CE marking
- Follow appropriate conformity assessment (self-assessment or notified body) depending on product class (default / important / critical). Verify required assessment modules (Module A, B+C, H, etc.) per CRA.
4. Documentation & retention
- Prepare and retain technical documentation (including risk assessments), SBOM, EU Declaration of Conformity, and user guidance for at least 10 years after market placement or for the support period (whichever is longer). Manufacturer should define product support period (recommended minimum: 5 years).
requirements-expected :
Required qualifications:
1. Entry-level applicants: only graduates of a degree related to the role or a closely related field may apply.
2. Professional English skills — able to produce technical documentation, handle email correspondence and participate in meetings.
