Security & DevSecOps Engineer – Cyber Resilience Act (CRA) Compliance

Design, implement, and maintain scalable security workflows across multiple products and repositories.
Translate legal and regulatory requirements (CRA) into actionable technical solutions.
Implement and scale DevSecOps practices, including SAST, SCA, and SBOM generation.
Integrate security tools (e.g., Veracode, CodeSonar) into CI/CD pipelines.
Build and maintain centralized vulnerability management systems, including vulnerability databases and waiver management.
Ensure full traceability for audits and consistent risk management practices.
Collaborate across multiple teams to ensure end-to-end ownership of security solutions.
Work in complex, heterogeneous, and legacy environments with limited automation.
Optionally contribute to AI-assisted vulnerability remediation workflows and semi-automated

Experienced engineer with strong technical security expertise and DevOps / DevSecOps skills.
Proven experience working with security or product compliance regulations.
Ability to translate legal requirements into technical implementations.
Programming: C/C++
DevOps / CI/CD pipelines (GitHub, GitLab, GitHub Actions, AWS)
Security practices: application and product security, code analysis
Tools: SAST, SCA, SBOM generation, Veracode, CodeSonar, CI/CD automation
Build environments: CMake, Make, vendor-specific solutions, integration of security tools into custom pipelines
Previous role in DevSecOps or similar security-focused engineering position.
Experience with embedded systems and long-lifecycle products.
Ability to operate at scale: multiple teams, repositories, and products.
Strong ownership mentality with end-to-end solution delivery.

High level of independence and decision-making authority.
Pragmatic approach balancing regulatory compliance, engineering efficiency, and scalability.
Ability to operate in heterogeneous, legacy environments with minimal standardization.

Hexjobs Insights