Since its foundation in 1925, the DEKRA promise has been to ensure the safety of human interaction with technology and the environment. The company currently employs around 48,000 people in more than 60 countries on all five continents.
We have a clear and ambitious vision of the future. The vision for our 100th birthday in 2025 is to see **DEKRA as the global partner for a safe world.**
Within our **Cybersecurity Hub**, we are responsible for performing product security evaluations and certification processes for the most important manufacturers worldwide.
A cybersecurity certification process is a formal assessment that evaluates whether a product, process, or service meets specific security standards to protect against cyber threats. At DEKRA, we have a number of Certification bodies that operate under the rules of different schemes for the issuance of certificates for products, processes, or services; in particular, the European Union Common Criteria (EUCC) for ICT products certification. Laboratories reports review, Certification Decision and Continuous Monitoring are the most important activities performed by a Certification Body.
If you are a passionate about cybersecurity and ready to make a difference in protecting critical ICT products, if you are an expert in Common Criteria, we're looking for a dedicated EUCC Certifier to join our team at our Certification Body.
You will be part of a worldwide reference cybersecurity conformity assessment body that includes a Certification Body and worldwide recognised Common Criteria lab and you will participate in international projects with top-tier customers guaranteeing the security of their products and services.
**What will be your responsibilities?**
- Management and Operate the Quality Management System of the Certification Body
- Lead EUCC Certification Projects: Manage end-to-end certification projects, ensuring that IT products comply with the EU Common Criteria (EUCC) standards. Guide clients through the entire process, from initial scoping to the final certification decision.
- Participation in the coordination and execution of the certification activities:
- Review of the evaluation results and the verification of the evaluation technical report.
- Review of certifiers activities and reports.
- Certification decision making for issuance, suspension or withdrawal of EUCC certificates.
- Surveillance and monitoring activities, including those related to certified products, to subcontractors (approved laboratories) and to Holders of certificates issued by the DEKRA´s Certification Body.
- Conformity and compliance activities.
- Vulnerability management and disclosure activities.
- Supervise of activities performed by juniors and trainees
- Formulate new policies and policy revisions relating to the operation of the Certification Body
- Be involved in the development and maintenance of the CAB quality management system and specific procedures for the Conformity Assessment activities
- Interface with Clients and Regulatory Bodies: act as a point of contact for clients during the certification process. Liaise with national and European regulatory bodies to ensure the certification aligns with EUCC standards and regulatory requirements.
- Stay Up-to-Date with EUCC Standards: continuously monitor and stay informed about updates to the EU Common Criteria standards and other relevant regulatory frameworks to ensure our certification practices reflect the latest industry requirements.
- Training and Knowledge Sharing: provide training and guidance to clients and internal teams on EUCC-related topics, fostering a culture of continuous improvement and knowledge sharing within the organization.
**What do we expect from you?**
- +5 years of demonstrated experience in the cybersecurity evaluation/certification field
- Computer Science, Telecommunication, or equivalent Bachelor's degree.
- Deep knowledge of the Quality assurance standards (ISO/IEC 17065 and ISO/IEC 17025)
- Deep knowledge of the EUCC scheme.
- Have been Common Criteria Evaluator or Certifier:
- Deep knowledge of ISO/IEC 15408:2022 and ISO/IEC 18045:2022
- Deep knowledge of technical and organisational aspects of the evaluation and certification process
- Demonstrable experience in participation in tech communities (e.g. cPP development or SOG-IS technical domains) and regulations, standards development groups
- Fluent oral and written English
- Aptitude for teamwork in an international environment
- High level of professionalism and the ability to work autonomously.
- Strong analytical skills while handling multiple projects, delivering results on time using well-developed logical problem-solving skills.
**Ideally, you'll also have**
- Cybersecurity Certifications: CISA, OSCP, CEH or similar.
**What can we offer?**
- Work in an attractive multinational environment together with other top security experts.
- Flexible work model that allows the conciliation between personal and work life.