This project is directly focused on achieving compliance with the Cyber Resilience Act (CRA), a strategic priority for the organization. The role involves designing and implementing scalable security mechanisms across a broad product portfolio, including embedded systems, ensuring regulatory compliance and long-term maintainability of solutions.

The initiative spans multiple products, legacy codebases, heterogeneous build environments, and numerous repositories, requiring pragmatic and scalable security solutions.

Key Challenges

Implementing security measures in existing legacy systems (non-greenfield).

Balancing CRA regulatory compliance with engineering pragmatism.

Delivering scalable, auditable, reusable, and maintainable solutions.

Security & DevSecOps Engineer – Cyber Resilience Act (CRA) Compliance

Your responsibilities

• Design, implement, and maintain scalable security workflows across multiple products and repositories.
• Translate legal and regulatory requirements (CRA) into actionable technical solutions.
• Implement and scale DevSecOps practices, including SAST, SCA, and SBOM generation.
• Integrate security tools (e.g., Veracode, CodeSonar) into CI/CD pipelines.
• Build and maintain centralized vulnerability management systems, including vulnerability databases and waiver management.
• Ensure full traceability for audits and consistent risk management practices.
• Collaborate across multiple teams to ensure end-to-end ownership of security solutions.
• Work in complex, heterogeneous, and legacy environments with limited automation.
• Optionally contribute to AI-assisted vulnerability remediation workflows and semi-automated

Our requirements

• Experienced engineer with strong technical security expertise and DevOps / DevSecOps skills.
• Proven experience working with security or product compliance regulations.
• Ability to translate legal requirements into technical implementations.
• Programming: C/C++
• DevOps / CI/CD pipelines (GitHub, GitLab, GitHub Actions, AWS)
• Security practices: application and product security, code analysis
• Tools: SAST, SCA, SBOM generation, Veracode, CodeSonar, CI/CD automation
• Build environments: CMake, Make, vendor-specific solutions, integration of security tools into custom pipelines
• Previous role in DevSecOps or similar security-focused engineering position.
• Experience with embedded systems and long-lifecycle products.
• Ability to operate at scale: multiple teams, repositories, and products.
• Strong ownership mentality with end-to-end solution delivery.
• High level of independence and decision-making authority.
• Pragmatic approach balancing regulatory compliance, engineering efficiency, and scalability.
• Ability to operate in heterogeneous, legacy environments with minimal standardization.