Senior / Lead Security & DevSecOps Engineer – Cyber Resilience Act (CRA) Compliance
Square One Resources
Remote
26 880 - 33 600 PLN (B2B)
Requirements
- DevOps
- Security
- DevSecOps
- C
- C++
- CI/CD Pipelines
- GitHub
- GitLab
- GitHub Actions
- AWS
- SAST
- SCA
- SBOM
- Veracode
- CodeSonar
- CI/CD Automation
- CMake
- Make
Job description
Requirements:

Mandatory Background
- Experienced engineer with strong technical security expertise and DevOps / DevSecOps skills.
- Proven experience working with security or product compliance regulations.
- Ability to translate legal requirements into technical implementations.

Technical Skills
- Programming: C/C++
- DevOps / CI/CD pipelines (GitHub, GitLab, GitHub Actions, AWS)
- Security practices: application and product security, code analysis
- Tools: SAST, SCA, SBOM generation, Veracode, CodeSonar, CI/CD automation
- Build environments: CMake, Make, vendor-specific solutions, integration of security tools into custom pipelines

Preferred Experience
- Previous role in DevSecOps or a similar security-focused engineering position.
- Experience with embedded systems and long-lifecycle products.
- Ability to operate at scale: multiple teams, repositories, and products.
- Strong ownership mentality with end-to-end solution delivery.

Soft Skills
- High level of independence and decision-making authority.
- Pragmatic approach balancing regulatory compliance, engineering efficiency, and scalability.
- Ability to operate in heterogeneous, legacy environments with minimal standardization.

Project Details
- Start: planned for late April / early May, flexible depending on team setup
- Duration: 12–18 months
- Business deadline: CRA compliance rollout by December 2027
- Team size: 3 engineers
- Work environment: heterogeneous CI/CD, multiple build systems, legacy and embedded products

Key Challenges
- Implementing security measures in existing legacy systems (non-greenfield).
- Balancing CRA regulatory compliance with engineering pragmatism.
- Delivering scalable, auditable, reusable, and maintainable solutions.

Daily tasks:
- Design, implement, and maintain scalable security workflows across multiple products and repositories.
- Translate legal and regulatory requirements (CRA) into actionable technical solutions.
- Implement and scale DevSecOps practices, including SAST, SCA, and SBOM generation.
- Integrate security tools (e.g., Veracode, CodeSonar) into CI/CD pipelines.
- Build and maintain centralized vulnerability management systems, including vulnerability databases and waiver management.
- Ensure full traceability for audits and consistent risk management practices.
- Collaborate across multiple teams to ensure end-to-end ownership of security solutions.
- Work in complex, heterogeneous, and legacy environments with limited automation.
- Optionally contribute to AI-assisted vulnerability remediation workflows and semi-automated solutions.