Software Security Architect – Cyber Resilience Act (CRA) Focus (m/f)
Remote · Glasgow, Scotland, United Kingdom or Bucharest, București, Romania
Job Summary
Lead Software Security Architecture efforts to drive CRA compliance across MCU/MPU product portfolios, translating regulatory requirements into practical security controls and architecture guidelines. Spearhead threat modeling and system-level security analyses, ensure audit readiness and end-to-end traceability of requirements, and embed security-by-design across legacy products and new product introductions. Collaborate with engineering, product management, and compliance teams to apply security standards and methodologies consistently across product lines, while supporting certification efforts and regulatory alignment for CRA readiness in 2027. Responsibilities span architecture definition, threat modeling, security risk assessments, and cross-functional alignment to maintain compliant, secure product portfolios. Preferred background includes embedded systems security, hardware security architecture, secure boot, cryptography, and firmware protection; familiarity with PSA, SESIP, and Common Criteria; interest or experience in CRA and compliance-driven development.
Required Qualifications
- Strong background in Embedded systems security or hardware/software security architecture
- Proven experience with Threat modeling methodologies and security technologies (e.g., secure boot, cryptography, firmware protection)
- Familiarity with security certification frameworks (PSA, SESIP, Common Criteria)
- Experience with or strong interest in Cyber Resilience Act (CRA), product security regulations and standards
- Ability to translate regulatory requirements into technical implementation and security controls
- Strong analytical and system-level thinking; excellent stakeholder management and cross-functional collaboration skills
- Experience working in global, matrixed organizations with diverse product teams
- Comfortable with security risk assessments aligned with CRA expectations and industry standards
Apply with one swipe on Sorce. We auto-fill applications and apply on your behalf — no cover letters, no 40-minute forms.
Hiring someone like this?
Get your role in front of qualified candidates on Sorce.