Codvo.ai · 2 months ago
CRA Practice Lead – Secure Software Development (Remote)
Codvo.ai is a global empathy-led technology services company focused on software and people transformations. They are seeking a CRA Practice Lead to establish and scale a secure software development and certification practice aligned with the EU Cyber Resilience Act, leading a multidisciplinary team to ensure software products meet high standards of cybersecurity and regulatory readiness.
Information Technology
Responsibilities
Define the vision, strategy, and operating model for a CRA-aligned secure development and certification practice
Build and lead a high-performing team across secure development, compliance testing, and DevSecOps
Collaborate with product, legal, and security teams to interpret CRA requirements and embed them into engineering workflows
Establish secure-by-design principles across diverse technology stacks (e.g., web, mobile, embedded, cloud-native, edge)
Drive adoption of secure SDLC practices including threat modeling, secure architecture reviews, and secure coding standards
Ensure integration of security controls across heterogeneous environments and third-party components
Operationalize CRA-aligned testing and documentation processes across all software delivery pipelines
Lead the implementation of automated compliance checks, SBOM generation, and vulnerability management
Ensure traceability, audit readiness, and conformity assessment support for CRA and related regulations (e.g., NIS2, ISO 27001)
Define and implement a technology-agnostic toolchain for secure development, testing, and compliance automation
Integrate security and compliance tooling into CI/CD pipelines across multiple platforms and languages
Promote reuse of security patterns, templates, and automation assets across teams
Act as the technical authority on CRA compliance for internal teams, partners, and clients
Support pre-sales, solutioning, and proposal development for CRA-related services
Represent the practice in regulatory, industry, and standards forums
Qualification
Required
10+ years of experience in software engineering, cybersecurity, or compliance, with at least 3 years in a leadership role
Proven experience in secure software development across multiple platforms (e.g., cloud, mobile, embedded, edge)
Strong understanding of cybersecurity regulations including CRA, NIS2, and global standards (e.g., ISO/IEC 27001, ENISA guidelines)
Hands-on experience with secure SDLC, DevSecOps, and software composition analysis (SCA) tools
Familiarity with SBOM standards (e.g., SPDX, CycloneDX) and vulnerability disclosure processes
Excellent communication, leadership, and stakeholder management skills
Preferred
Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field
Experience working in regulated industries (e.g., MedTech, Industrial, Automotive, Fintech)
Certifications such as CISSP, CSSLP, CISA, or CRA-specific credentials (when available)
Exposure to open-source governance, third-party risk management, and secure supply chain practices
Company
Codvo.ai
At Codvo.ai, we specialize in leveraging artificial intelligence, cloud, and data to solve complex business problems and drive innovation.
H1B Sponsorship
Codvo.ai has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (2)
2022 (3)
Funding
Current Stage
Growth Stage
Company data provided by Crunchbase