CRA Practice Lead Secure Software Development (Remote)

CRA Practice Lead – Secure Software Development & Certification

Location: Remote

Reports To: VP Engineering – Product, Data & AI Engineering

Department: Cyber Resilience & Compliance Engineering

Company Overview 
At Codvo, software and people transformations go hand-in-hand. We are a global empathy-led technology services company. Product innovation and mature software engineering are part of our core DNA. Respect, Fairness, Growth, Agility, and Inclusiveness are the core values that we aspire to live by each day.

We continue to expand our digital strategy, design, architecture, and product management capabilities to offer expertise, outside-the-box thinking, and measurable results.

About the Role

We are seeking a CRA Practice Lead to establish and scale a cross-platform, cross-technology development and testing practice aligned with the EU Cyber Resilience Act (CRA). This role will focus on enabling secure-by-design software development, continuous compliance testing, and codebase certification across a wide range of technologies, platforms, and deployment models (cloud, edge, embedded, on-prem). You will lead a multidisciplinary team of engineers, testers, and compliance specialists to ensure our software products meet the highest standards of cybersecurity, resilience, and regulatory readiness.

Key Responsibilities

Practice Leadership

- Define the vision, strategy, and operating model for a CRA-aligned secure development and certification practice.

- Build and lead a high-performing team across secure development, compliance testing, and DevSecOps.

- Collaborate with product, legal, and security teams to interpret CRA requirements and embed them into engineering workflows.

Secure Development & Architecture

- Establish secure-by-design principles across diverse technology stacks (e.g., web, mobile, embedded, cloud-native, edge).

- Drive adoption of secure SDLC practices including threat modeling, secure architecture reviews, and secure coding standards.

- Ensure integration of security controls across heterogeneous environments and third-party components.

Compliance & Certification

- Operationalize CRA-aligned testing and documentation processes across all software delivery pipelines.

- Lead the implementation of automated compliance checks, SBOM generation, and vulnerability management.

- Ensure traceability, audit readiness, and conformity assessment support for CRA and related regulations (e.g., NIS2, ISO 27001).

Tooling & Automation

- Define and implement a technology-agnostic toolchain for secure development, testing, and compliance automation.

- Integrate security and compliance tooling into CI/CD pipelines across multiple platforms and languages.

- Promote reuse of security patterns, templates, and automation assets across teams.

Stakeholder Engagement

- Act as the technical authority on CRA compliance for internal teams, partners, and clients.

- Support pre-sales, solutioning, and proposal development for CRA-related services.

- Represent the practice in regulatory, industry, and standards forums.

Required Skills & Experience

- 10+ years of experience in software engineering, cybersecurity, or compliance, with at least 3 years in a leadership role.

- Proven experience in secure software development across multiple platforms (e.g., cloud, mobile, embedded, edge).

- Strong understanding of cybersecurity regulations including CRA, NIS2, and global standards (e.g., ISO/IEC 27001, ENISA guidelines).

- Hands-on experience with secure SDLC, DevSecOps, and software composition analysis (SCA) tools.

- Familiarity with SBOM standards (e.g., SPDX, CycloneDX) and vulnerability disclosure processes.

- Excellent communication, leadership, and stakeholder management skills.

Preferred Qualifications

- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field.

- Experience working in regulated industries (e.g., MedTech, Industrial, Automotive, Fintech).

- Certifications such as CISSP, CSSLP, CISA, or CRA-specific credentials (when available).

- Exposure to open-source governance, third-party risk management, and secure supply chain practices.

Why Join Us?

- Lead a pioneering practice at the intersection of cybersecurity, compliance, and software engineering.

- Work on high-impact projects across industries and platforms.

- Collaborate with a world-class team across AI, Edge, Cloud, and IoT domains.

- Be part of a mission to build resilient, compliant, and trustworthy digital systems.