Software Security Architect — Cyber Resilience Act (CRA) Focus

Job Title

Software Security Architect — Cyber Resilience Act (CRA) Focus

Role Summary

Join NXP’s Competence Center Crypto & Security (CC C&S) to lead CRA readiness and security-by-design across MCU and MPU product portfolios. The role blends strategic ownership, hands-on security architecture, and cross-functional coordination to ensure products meet regulatory and lifecycle security requirements.

Position supports legacy product lines and new product introductions (NPI) and involves audit readiness, evidence generation, and end-to-end traceability.

Experience Level

Senior — experienced security architect. Years of experience not specified, but role expects established, system-level security expertise.

Responsibilities

Accountabilities include translating regulatory obligations into architecture and development practices and executing system-level security analysis.

• Define and drive CRA compliance strategy for MCU/MPU product portfolios.
• Translate CRA and related regulatory requirements into technical controls, design principles, and architecture guidelines.
• Design, implement, and maintain security architectures for legacy products and NPIs.
• Lead system-level threat modeling and threat analysis across hardware and software.
• Perform security risk assessments aligned with CRA expectations and industry standards.
• Support audit readiness: produce compliance documentation, security evidence, and traceability of requirements.
• Ensure consistent application of security standards, methodologies, and best practices across product lines.
• Collaborate with engineering, product management, and compliance teams to embed security into development processes.

Requirements

Key must-have and desirable qualifications and skills.

• Must-have: Strong background in embedded systems security and security architecture (software and/or hardware).
• Must-have: Proven experience with threat-modeling methodologies and system-level threat analysis.
• Must-have: Familiarity with security technologies such as secure boot, cryptography, and firmware protection.
• Must-have: Experience producing compliance documentation and evidence for audits; ability to ensure end-to-end traceability of requirements.
• Must-have: Strong analytical, system-level thinking and stakeholder management skills; ability to work in a global matrix organization.
• Desirable: Experience with security certification frameworks (PSA, SESIP, Common Criteria).
• Desirable: Experience with or strong interest in the Cyber Resilience Act (CRA) and other product security regulations and standards.
• Note: Role may involve tasks in scope of security certifications, requiring a reliable and security-conscious working style.

Education Requirements

Not specified.

About the Company

Company: NXP Semiconductors

Headquarters: Nijmegen, Netherlands

NXP Semiconductors N.V. is a global semiconductor company that provides High Performance Mixed Signal and Standard Product solutions. With over 45,000 employees and operations in more than 35 countries, NXP is a leader in secure connectivity solutions for embedded applications, catering to automotive, industrial IoT, mobile, and communication infrastructure markets. The company is committed to innovation and sustainability, advancing a smarter, safer, and more sustainable world through technology.