Software Engineer

Posted 1 week ago by Select Source International

Negotiable
Undetermined
Remote
Remote or Hybrid in Raleigh, North Carolina

Summary: The Software Engineer role involves developing tooling and infrastructure to support the EU Cyber Resilience Act by generating Software Bill of Materials (SBOMs) for open-source projects. The position requires collaboration with security teams and open-source communities to enhance vulnerability detection and compliance. The role is focused on automating processes and improving security measures within the software supply chain. This position is remote, requiring work during EST hours.

Key Responsibilities:

  • Design and develop automated tooling to generate and maintain Software Bill of Materials (SBOMs) for upstream open-source projects in standardized machine-readable formats (e.g., SPDX, CycloneDX).
  • Integrate SBOM generation into community Continuous Integration (CI) systems to ensure real-time tracking of top-level and transitive dependencies, including the generation of unique component identifiers (CPE, PURL).
  • Build "Early Warning" workflows by connecting community SBOMs with the company's Product Security Incident Response Team (PSIRT) tooling, enabling the automatic mapping of new vulnerabilities (CVEs) to impacted upstream projects.
  • Implement machine-readable advisory generation (CSAF VEX) for community projects to support transparency and automated vulnerability handling requirements.
  • Continuously improve tooling to reduce the average time to patch critical vulnerabilities in stewarded open-source components.

Key Skills:

  • Advanced (5+ years) knowledge of the Python programming language and its ecosystem.
  • Deep understanding of Software Supply Chain Security concepts, including SBOM standards (SPDX, CycloneDX) and vulnerability data formats (CSAF, VEX, OSV).
  • Intermediate (3+ years) experience with relational databases (e.g., PostgreSQL) for managing vulnerability and component metadata.
  • Experience with CI/CD pipelines (e.g., Tekton, GitHub Actions, GitLab CI) and integrating security scanning tools into build processes.
  • Interest in the container ecosystem (Kubernetes, OpenShift, Podman).
  • Good written and verbal communication skills in English, with a strong ability to collaborate in open-source communities.

Salary (Rate): £39.00 hourly

City: undetermined

Country: undetermined

Working Arrangements: remote

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Title: Software Engineer
Duration: 12 months
Location: Remote (EST Working hours)
Pay Rate: $47/hr - $53/hr on W2


Job Description:

In this role, you will work as part of a team responsible for establishing the technical stewardship capabilities required by the EU Cyber Resilience Act (CRA).
You will focus on developing the tooling and infrastructure necessary to generate comprehensive Software Bill of Materials (SBOMs) for critical open-source community projects and integrating these manifests into incident response workflows. You will build automated solutions that bridge the gap between upstream project development and downstream security compliance, ensuring rapid detection of vulnerabilities in open-source components. You will collaborate with internal security teams and external open-source communities to align on data standards and "secure by design" principles.