Software Security Architect – Cyber Resilience Act (CRA) Focus (m/f)

What You'll Do

• Define and drive the CRA compliance strategy for MCU and MPU product portfolios through the central security architecture team.
• Ensure alignment with upcoming mandatory CRA requirements (target: 2027) Translate regulatory requirements into practical security controls, design principles, and architecture guidelines Support audit readiness (compliance doczntation, security evidence generation and end to end traceability of requirements) Define, implement, and maintain robust security architectures across Legacy products & New Product Introductions (NPI) Ensure consistent application of security standards, methodologies, and best practices across product lines Collaborate with cross-functional teams (engineering, product management, compliance) to embed security into development processes Lead and conduct system-level threat modeling and threat analysis (hardware and software) Perform security risk assessments aligned with CRA expectations and industry standards Your profile Strong background in Embedded systems security, Software and/or hardware security architecture Proven experience with Threat modeling methodologies and security technologies such as secure boot, cryptography, firmware protection Familiarity with security certification frameworks, such as: PSA, SESIP, Common Criteria Experience with or strong interest in Cyber Resilience Act (CRA), Product security regulations and standards, Compliance-driven development and documentation Ability to translate regulatory requirements into technical implementation Strong analytical and system-level thinking Excellent stakeholder management and cross-functional collaboration skills Comfortable working in a global, matrixed organization with diverse product teams Please note: The successful candidate may/will be responsible for security related tasks.
• The assignment may/will be in scope of security certifications, therefore a conscious and reliable way of working is necessary.
• For applications in Gratkorn: NXP provides market competitive compensation according to the benchmarking of the electronic and semiconductor industry.
• Due to the Austrian Equal Treatment Act we are obligated to state the employment group of our applicable collective bargaining agreement (CBA) “Kollektivvertrag für Angestellte Gewerbe und Handwerk und in der Dienstleistung“, this position (fulltime) is graded in Employment Group V after 6 years.
• Your individual experiences and expectations will be considered in the application process.
• Moreover, we provide attractive benefits to our employees like home office, flexible working time, meal benefits and more.
• More information about NXP in Austria... #LI-a8a1