Senior Cybersecurity Certification & Regulatory Framework Engineer
Square One Resources
⚲ Remote
30 240 - 33 600 PLN (B2B)
Requirements
- Cybersecurity
- ISO/IEC 15408
- ISO/IEC 18045
- EUCC
- SOG-IS
- EUCS
- EU MSS
- EUDI Wallet
- eIDAS 2.0
- 5G
- CC/SOGIS
- EMVCo
- FIDO
- CRA
- NIS2 Directive
- DORA
- eIDAS 2
- ISO/IEC 27005
- Communication skills
- Reporting skills
- Technical writing
- ISO 27001 (nice to have)
- ISO/IEC 17000 (nice to have)
- CISM (nice to have)
- CISSP (nice to have)
- ISO 22301 (nice to have)
- CAB (nice to have)
- ETSI (nice to have)
- ISO (nice to have)
Job description
About the project:
We are seeking an experienced Senior Cybersecurity Engineer to support long-term initiatives related to European cybersecurity certification schemes, regulatory frameworks, and ICT product security evaluations. The role focuses on aligning technical security assessments with evolving EU cybersecurity legislation and certification programs.

The project involves collaboration with regulatory stakeholders, certification bodies, and technical experts to support development, evaluation, and implementation of cybersecurity assurance frameworks. The scope includes cloud security certification, digital identity trust frameworks, telecommunications security, and ICT product certification methodologies.

The engagement is planned to start in May 2026 with an expected duration of 3+ years, providing continuity in regulatory-driven cybersecurity initiatives and certification-related engineering activities.

Requirements:
- Bachelor’s degree (EQF Level 6) in Computer Science, Computer Engineering, or equivalent, supported by a diploma.
- Minimum 8 years of professional experience in cybersecurity engineering, certification, or security assessment services.
- Strong understanding of the technical and regulatory scope of existing and upcoming schemes, including:
  - Common Criteria framework (ISO/IEC 15408) and evaluation methodology (ISO/IEC 18045), particularly EUCC and SOG-IS practices
  - Cloud security and assurance models (EUCS)
  - Managed Security Services (EU MSS)
  - Digital identity and trust frameworks (EUDI Wallet, eIDAS 2.0)
  - EU telecommunications and critical infrastructure security, including 5G
  - ICT product security evaluation and certification schemes (e.g., CC/SOGIS, EMVCo, FIDO) and related standards
- Demonstrated knowledge of:
  - Regulation (EU) 2019/881 (Cybersecurity Act) and European cybersecurity certification schemes
  - EU legislation including Cyber Resilience Act (CRA), NIS2 Directive, DORA, eIDAS 2
  - Risk assessment standards (e.g., ISO/IEC 27005)
  - Cryptography-related regulations
- Excellent technical writing and reporting skills
- Strong communication and presentation skills
- Fluent English (minimum C1 level, spoken and written)

Nice to Have:
- Knowledge of EU, Member State, and international cybersecurity legal frameworks
- Postgraduate degree in cybersecurity (EQF Level 7)
- Certifications such as:
  - ISO 27001 Lead Auditor or Lead Implementer
  - ISO/IEC 17000 series or equivalent conformity assessment frameworks
  - CISM, CISSP, ISO 22301 or similar professional certifications
- Experience with Conformity Assessment Body (CAB) notification processes
- Interdisciplinary cybersecurity knowledge (technical, organizational, legal, economic, policy-related)
- Experience participating in or leading working groups
- Involvement in standardization activities (e.g., ETSI, ISO committees)
- Active contribution to industry working groups or regulatory initiatives

Daily tasks:
- Support cybersecurity certification activities aligned with European certification schemes and regulatory requirements.
- Analyze and interpret technical and regulatory cybersecurity frameworks, including certification methodologies and assurance models.
- Contribute to ICT product security evaluations and conformity assessment processes.
- Provide expertise in Common Criteria-based evaluations and associated methodologies.
- Assess security requirements for cloud services, managed security services, and digital identity frameworks.
- Support security assurance for telecommunications and critical infrastructure (including EU 5G security considerations).
- Prepare high-quality technical reports, assessments, and documentation for stakeholders.
- Participate in risk assessment activities aligned with recognized standards.
- Collaborate with multidisciplinary teams including regulatory, legal, and technical stakeholders.
- Provide recommendations on compliance with EU cybersecurity legislation and certification schemes.
- Contribute to workshops, working groups, and technical discussions related to cybersecurity certification.
- Present technical findings to internal and external stakeholders.