Software Supply Chain Engineer
Warszawa, Masovian Voivodeship, Poland
Square One Resources Sp. z o.o.
10. 5. 2026
About the position

Software Supply Chain Engineer



Your responsibilities

  • Collaborate with software architects, senior developers and devops leads to generate a comprehensive Software Bill of Materials (SBOM) for commercial products, including detailed information on open source components and dependencies.
  • Review, analyze, and assess the usage of open source software in products to ensure compliance with relevant regulations and licenses, including knowledge of how usage, deployment, and architecture affect compliance.
  • Integrate open source compliance checks into CI/CD pipelines, facilitating the early identification of compliance issues and minimizing compliance risks.
  • Demonstrate proficiency in managing dependencies for at least two of the following programming languages: .NET/C#, Python, Java, C/C++, Node.js/TypeScript, considering both proprietary and open source components.
  • Create and maintain clear and concise compliance documentation, including policies, procedures, and best practices, to foster a compliant development environment.
  • Utilize your expertise with CycloneDX, a lightweight SBOM standard, to enhance the accuracy and efficiency of our compliance processes.
  • Stay informed about industry regulations, particularly FDA requirements, and ensure that our open source compliance practices align with current and emerging standards.
  • Provide training and support to development teams on open source compliance practices, fostering a culture of awareness and responsibility.
  • Provide expert guidance to development teams on open source licensing requirements, restrictions, and obligations to ensure legal and regulatory compliance.

Our requirements

  • Proven experience with CI/CD pipelines and integrating open source compliance checks into them.
  • Minimum of 2 years of practical experience in open source compliance, preferably in a regulated industry such as healthcare or medical devices.
  • Thorough understanding of open source licenses, their implications, and best practices for compliance.
  • Demonstrable experience working with CycloneDX or similar SBOM formats.
  • Proficiency in managing dependencies for two or more programming languages, such as .NET/C#, Python, Java, C/C++, Node.js/TypeScript.
  • Familiarity with both Linux and Windows operating systems and their interactions with open source components.
