Senior Software Engineer – Product Security / SBOM

Overview

Remote
50+
Contract - Independent
Contract - W2
Contract - 12 Month(s)
No Travel Required
Unable to Provide Sponsorship

Skills

Python
Software Supply Chain Security
SBOM
SPDX
CycloneDX
CSAF
VEX
OSV
CI/CD Pipelines
Tekton
GitHub Actions
GitLab CI
PostgreSQL
Vulnerability Management
CVE Mapping
PSIRT
Open Source Security
Kubernetes
OpenShift
Podman
Automation
Security Tooling

Job Details

Location: Remote
Rate: $50/hr
Client: Red Hat
Work Authorization: / GC
Job Summary

Red Hat’s Product Security team is seeking a Senior Software Engineer to support compliance with the EU Cyber Resilience Act (CRA). In this role, you will design and build tooling and infrastructure to generate and manage Software Bill of Materials (SBOMs) for critical open-source projects and integrate them into Red Hat’s security incident response workflows.

This position focuses on software supply chain security, automation, and vulnerability detection across upstream and downstream open-source ecosystems. You will collaborate closely with internal security teams and open-source communities to promote secure-by-design principles and standardized data practices.
Key Responsibilities

  • Design and develop automated tools to generate and maintain SBOMs in standard formats such as SPDX and CycloneDX.

  • Integrate SBOM generation into CI pipelines to track direct and transitive dependencies in real time.

  • Implement unique component identifiers such as CPE and PURL.

  • Build early-warning workflows by integrating SBOM data with Product Security Incident Response (PSIRT) tooling.

  • Enable automatic mapping of vulnerabilities (CVEs) to impacted open-source projects.

  • Develop machine-readable security advisories (CSAF, VEX) for transparency and automated vulnerability handling.

  • Continuously enhance tooling to reduce vulnerability detection and remediation timelines.

  • Collaborate with internal teams and external open-source communities on standards and best practices.
Required Qualifications

  • 5+ years of professional experience with Python development.

  • Strong understanding of software supply chain security concepts.

  • Hands-on experience with SBOM standards (SPDX, CycloneDX).

  • Experience working with vulnerability data formats such as CSAF, VEX, and OSV.

  • 3+ years of experience with relational databases such as PostgreSQL.

  • Experience integrating security tooling into CI/CD pipelines.

  • Familiarity or interest in container technologies and cloud-native ecosystems.

  • Strong written and verbal communication skills and the ability to collaborate in open-source environments.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

About Sierra Software Solutions