SPECTRAFORCE
Open Source Engineer
β - Featured Role | Apply direct with Data Freelance Hub
This role is for a Senior Software Engineer (Open Source) with a 12-month remote contract focused on developing tooling for Software Bill of Materials (SBOMs). Key skills include advanced Python, Software Supply Chain Security, and CI/CD experience.
π - Country
United States
π± - Currency
$ USD
-
π° - Day rate
424
-
ποΈ - Date
April 3, 2026
π - Duration
More than 6 months
-
ποΈ - Location
Remote
-
π - Contract
Unknown
-
π - Security
Unknown
-
π - Location detailed
United States
-
π§ - Skills detailed
#Databases #GitHub #GitLab #PostgreSQL #Programming #Kubernetes #Python #Security #Metadata #Compliance
Role description
Job Title-: Senior Software Engineer (Open Source)
Duration- 12 Months
Location-: Remote - EST Hours
Job Description Summary
The Clients Product Security team is looking for a Senior Software Engineer. In this role, you will work as part of a team responsible for establishing the technical stewardship capabilities required by the EU Cyber Resilience Act (CRA). You will focus on developing the tooling and infrastructure necessary to generate comprehensive Software Bill of Materials (SBOMs) for critical open-source community projects and integrating these manifests into client's incident response workflows. You will build automated solutions that bridge the gap between upstream project development and downstream security compliance, ensuring rapid detection of vulnerabilities in open-source components. You will collaborate with internal security teams and external open-source communities to align on data standards and "secure by design" principles.
Job Responsibilities
β’ Design and develop automated tooling to generate and maintain Software Bill of Materials (SBOMs) for upstream open-source projects in standardized machine-readable formats (e.g., SPDX, CycloneDX).
β’ Integrate SBOM generation into community Continuous Integration (CI) systems to ensure real-time tracking of top-level and transitive dependencies, including the generation of unique component identifiers (CPE, PURL).
β’ Build "Early Warning" workflows by connecting community SBOMs with client's Product Security Incident Response Team (PSIRT) tooling, enabling the automatic mapping of new vulnerabilities (CVEs) to impacted upstream projects.
β’ Implement machine-readable advisory generation (CSAF VEX) for community projects to support transparency and automated vulnerability handling requirements.
β’ Continuously improve tooling to reduce the average time to patch critical vulnerabilities in stewarded open-source components.
Skills Required
β’ Advanced (5+ years) knowledge of Python programming language and their ecosystems.
β’ Deep understanding of Software Supply Chain Security concepts, including SBOM standards (SPDX, CycloneDX) and vulnerability data formats (CSAF,VEX, OSV).
β’ Intermediate (3+ years) experience with relational databases (e.g., PostgreSQL) for managing vulnerability and component metadata.
β’ Experience with CI/CD pipelines (e.g., Tekton, GitHub Actions, GitLab CI) and integrating security scanning tools into build processes.
β’ Interest in the container ecosystem (Kubernetes, Red Hat OpenShift, Podman).
β’ Good written and verbal communication skills in English, with a strong ability to collaborate in open-source communities.
Job Title-: Senior Software Engineer (Open Source)
Duration- 12 Months
Location-: Remote - EST Hours
Job Description Summary
The Clients Product Security team is looking for a Senior Software Engineer. In this role, you will work as part of a team responsible for establishing the technical stewardship capabilities required by the EU Cyber Resilience Act (CRA). You will focus on developing the tooling and infrastructure necessary to generate comprehensive Software Bill of Materials (SBOMs) for critical open-source community projects and integrating these manifests into client's incident response workflows. You will build automated solutions that bridge the gap between upstream project development and downstream security compliance, ensuring rapid detection of vulnerabilities in open-source components. You will collaborate with internal security teams and external open-source communities to align on data standards and "secure by design" principles.
Job Responsibilities
β’ Design and develop automated tooling to generate and maintain Software Bill of Materials (SBOMs) for upstream open-source projects in standardized machine-readable formats (e.g., SPDX, CycloneDX).
β’ Integrate SBOM generation into community Continuous Integration (CI) systems to ensure real-time tracking of top-level and transitive dependencies, including the generation of unique component identifiers (CPE, PURL).
β’ Build "Early Warning" workflows by connecting community SBOMs with client's Product Security Incident Response Team (PSIRT) tooling, enabling the automatic mapping of new vulnerabilities (CVEs) to impacted upstream projects.
β’ Implement machine-readable advisory generation (CSAF VEX) for community projects to support transparency and automated vulnerability handling requirements.
β’ Continuously improve tooling to reduce the average time to patch critical vulnerabilities in stewarded open-source components.
Skills Required
β’ Advanced (5+ years) knowledge of Python programming language and their ecosystems.
β’ Deep understanding of Software Supply Chain Security concepts, including SBOM standards (SPDX, CycloneDX) and vulnerability data formats (CSAF,VEX, OSV).
β’ Intermediate (3+ years) experience with relational databases (e.g., PostgreSQL) for managing vulnerability and component metadata.
β’ Experience with CI/CD pipelines (e.g., Tekton, GitHub Actions, GitLab CI) and integrating security scanning tools into build processes.
β’ Interest in the container ecosystem (Kubernetes, Red Hat OpenShift, Podman).
β’ Good written and verbal communication skills in English, with a strong ability to collaborate in open-source communities.
