Software Security Architect - Cyber Resilience Act (CRA) Focus (m/f)
Join one of the world’s largest industrial security teams - and build technology that protects real devices worldwide. At NXP’s Competence Center Crypto & Security (CC C&S), we design, build, and deliver end-to-end security - from early innovation to architecture to products in the field. If you're a security engineer who wants to create real-world impact, we’d love to hear from you.
We are seeking an experienced Software Security Architect to join our Software Security Architecture team within CC C&S. In this role, you will take a leading position in driving Cyber Resilience Act (CRA) readiness across our product portfolio, ensuring compliance with upcoming mandatory regulatory requirements.
This role combines strategic ownership and hands-on technical expertise at the intersection of product security architecture, regulatory compliance, and system-level threat analysis. You will support both legacy product lines and new product introductions (NPI), embedding security-by-design principles and ensuring lifecycle compliance across all development stages.
Your Responsibilities:
- Define and drive the CRA compliance strategy for MCU and MPU product portfolios through the central security architecture team
- Ensure alignment with upcoming mandatory CRA requirements (target: 2027)
- Translate regulatory requirements into practical security controls, design principles, and architecture guidelines
- Support audit readiness (compliance documentation, security evidence generation and end-to-end traceability of requirements)
- Define, implement, and maintain robust security architectures across legacy products and New Product Introductions (NPI)
- Ensure consistent application of security standards, methodologies, and best practices across product lines
- Collaborate with cross-functional teams (engineering, product management, compliance) to embed security into development processes
- Lead and conduct system-level threat modeling and threat analysis (hardware and software)
- Perform security risk assessments aligned with CRA expectations and industry standards
Your profile
- Strong background in embedded systems security and software and/or hardware security architecture
- Proven experience with threat modeling methodologies and security technologies such as secure boot, cryptography, firmware protection
- Familiarity with security certification frameworks such as PSA, SESIP, Common Criteria
- Experience with or strong interest in the Cyber Resilience Act (CRA), product security regulations and standards, and compliance-driven development and documentation
- Ability to translate regulatory requirements into technical implementation
- Strong analytical and system-level thinking
- Excellent stakeholder management and cross-functional collaboration skills
- Comfortable working in a global, matrixed organization with diverse product teams
Please note: The successful candidate may/will be responsible for security-related tasks. The assignment may/will be in scope of security certifications, therefore a conscious and reliable way of working is necessary.