Job Details
Senior Software Engineer – Product Security (SBOM / Supply Chain Security)
Location: Remote
Rate: $90/hr
Client: Red Hat
Job Summary
Red Hat’s Product Security team is seeking a Senior Software Engineer to help build and scale technical stewardship capabilities aligned with the EU Cyber Resilience Act (CRA). This role focuses on developing tooling and infrastructure to generate Software Bills of Materials (SBOMs) for critical open-source projects and on integrating those SBOMs into Red Hat’s security incident response workflows.
The ideal candidate has strong Python expertise, deep knowledge of software supply chain security, and experience working with CI/CD pipelines and vulnerability data standards.
Key Responsibilities
Design and develop automated tooling to generate and maintain SBOMs for upstream open-source projects using standards such as SPDX and CycloneDX.
Integrate SBOM generation into CI pipelines to track direct and transitive dependencies.
Generate and manage unique component identifiers such as CPE and PURL.
Build early-warning workflows by integrating community SBOMs with Red Hat PSIRT tooling.
Enable automated mapping of CVEs to impacted upstream components.
Implement machine-readable security advisories using CSAF and VEX formats.
Improve tooling to reduce time to patch critical vulnerabilities.
Collaborate with internal security teams and external open-source communities.
Required Skills
5+ years of experience with Python development.
Strong understanding of software supply chain security concepts.
Hands-on experience with SBOM standards such as SPDX and CycloneDX.
Knowledge of vulnerability data formats including CSAF, VEX, and OSV.
3+ years of experience working with relational databases such as PostgreSQL.
Experience with CI/CD tools such as Tekton, GitHub Actions, or GitLab CI.
Familiarity with container ecosystems including Kubernetes, OpenShift, or Podman.
Strong communication and collaboration skills.