Product Security Engineer (EU Cyber Resilience Act / CRA)
Location: Wrocław
Technologies we use
Expected
- CIS
- Cyber Resilience Act
- CISA
- CISM
- CISSP
Your responsibilities
1. Risk assessment & essential security requirements
Conduct cyber risk assessments before placing products on the EU market and ensure products have no known exploitable vulnerabilities at launch. Ensure compliance with Annex I requirements (encryption, data integrity, authentication, access control).
2. Security updates, vulnerability management & reporting
Provide security updates / patches throughout the product lifecycle; run vulnerability intake / triage / prioritization / patch development / distribution / verification. For actively exploited vulnerabilities or severe product-impacting incidents, use the unified reporting platform (ENISA): initial alert within 24 hours, detailed notification within 72 hours, final report (for vulnerabilities: within 14 days after patch availability). Notify both the relevant CSIRT / coordinator and ENISA.
3. Conformity assessment & CE marking
Follow the appropriate conformity assessment (self-assessment or notified body) depending on product class (default / important / critical). Verify the required assessment modules (Module A, B+C, H, etc.) per the CRA.
4. Documentation & retention
Prepare and retain technical documentation (including risk assessments), SBOM, EU Declaration of Conformity, and user guidance for at least 10 years after market placement or for the support period (whichever is longer). The manufacturer should define the product support period (recommended minimum: 5 years).
Our requirements
Required qualifications:
1. Entry-level applicants: only graduates of a degree related to the role or a closely related field may apply.
2. Professional English skills — able to produce technical documentation, handle email correspondence and participate in meetings.
Preferred:
1. Security certifications (e.g., CISA, CISM, CISSP).
2. Practical experience with the EU Cyber Resilience Act (CRA) or strong understanding of CRA compliance and conformity assessment processes.
3. Experience in vulnerability management and response (running SOPs for vulnerability intake, triage and patch distribution).
4. Completed security training or courses (e.g., penetration testing, SAST / DAST).