Software Engineer

Hybrid in Raleigh, NC, US • Posted 3 hours ago • Updated 2 hours ago

Contract W2

On-site

$47/hr - $53/hr on W2

Fitment

Dice Job Match Score™

🛠️ Calibrating flux capacitors...

Job Details

Skills

FOCUS
Project Development
Regulatory Compliance
Bill Of Materials
Continuous Integration and Development
Real-time
Workflow
Incident Management
Mapping
Python
Supply Chain Management
Relational Databases
PostgreSQL
Management
Meta-data Management
Continuous Delivery
GitHub
GitLab
Continuous Integration
Kubernetes
Communication
English
Collaboration
Open Source

Summary

Title: Software Engineer
Duration: 12 months
Location: Remote (EST Working hours)
Pay Rate: $47/hr - $53/hr on W2

Job Description:

In this role, you will work as part of a team responsible for establishing the technical stewardship capabilities required by the EU Cyber Resilience Act (CRA).
You will focus on developing the tooling and infrastructure necessary to generate comprehensive Software Bill of Materials (SBOMs) for critical open-source community projects and integrating these manifests into incident response workflows. You will build automated solutions that bridge the gap between upstream project development and downstream security compliance, ensuring rapid detection of vulnerabilities in open-source components. You will collaborate with internal security teams and external open-source communities to align on data standards and "secure by design" principles.

Primary Job Responsibilities

Design and develop automated tooling to generate and maintain Software Bill of Materials (SBOMs) for upstream open-source projects in standardized machine-readable formats (e.g., SPDX, CycloneDX).
Integrate SBOM generation into community Continuous Integration (CI) systems to ensure real-time tracking of top-level and transitive dependencies, including the generation of unique component identifiers (CPE, PURL).
Build "Early Warning" workflows by connecting community SBOMs with company's Product Security Incident Response Team (PSIRT) tooling, enabling the automatic mapping of new vulnerabilities (CVEs) to impacted upstream projects.
Implement machine-readable advisory generation (CSAF VEX) for community projects to support transparency and automated vulnerability handling requirements.
Continuously improve tooling to reduce the average time to patch critical vulnerabilities in stewarded open-source components.

Skills Required

Advanced (5+ years) knowledge of Python programming language and their ecosystems.
Deep understanding of Software Supply Chain Security concepts, including SBOM standards (SPDX, CycloneDX) and vulnerability data formats (CSAF, VEX, OSV).
Intermediate (3+ years) experience with relational databases (e.g., PostgreSQL) for managing vulnerability and component metadata.
Experience with CI/CD pipelines (e.g., Tekton, GitHub Actions, GitLab CI) and integrating security scanning tools into build processes.
Interest in the container ecosystem (Kubernetes, OpenShift, Podman).
Good written and verbal communication skills in English, with a strong ability to
collaborate in open-source communities.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

Dice Id: 10120071
Position Id: 2026-123153
Posted 3 hours ago

Create job alert

Never miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Splunk Dashboard Engineer

Morrisville, North Carolina

•

Today

RESPONSIBILITIES: Kforce has a client that is seeking a Splunk Dashboard Engineer in Morrisville, NC. Overview: We are seeking a Splunk Detection & Incident Response Dashboard Engineer to support our Incident, Detection, and Response (IDR) team within the broader Cybersecurity organization. This role is responsible for designing, building, and maintaining Splunk dashboards, reports, and visualizations that enable real time threat detection, incident investigation, and operational awareness acro

Contract

$70 - $77 hourly

Senior Software Developer

Raleigh, North Carolina

•

21d ago

Role: Senior Software Developer Location: Raleigh, NC (Only Local) ONLY W2 Top Skills: React, Next.JS, Java Spring boot JOB SUMMARY: We are looking for software engineers who are focused on developing next-generation technologies that power how users explore and interact with information and offerings. We are looking for engineers who like to be challenged solving problems around distributed computing, system design, data retrieval and processing, applied artificial intelligence, user experi

Easy Apply

Contract

ServiceNow Developer

Hybrid in Raleigh, North Carolina

•

3d ago

Job ID: NC-90406) Remote/Local ServiceNow Developer/Builder (15+) with ITSM, Change Management, Glide APIs, UI, Flow Designer and healthcare experience Location: Raleigh, NC (NCDHHS-AM) Duration: 12 Months Skills: Hands-on ServiceNow development experience Required 3 Years Strong experience configuring ITSM modules Required 3 Years Experience building ServiceNow reports, dashboards, and performance analytics Required 3 Years Experience with Flow Designer, Business Rules, UI Policies, and Client

Easy Apply

Contract, Third Party

Depends on Experience

ServiceNow Developer

Hybrid in Raleigh, North Carolina

•

3d ago

Position Description: ServiceNow Developer/Builder contractor to design workflows, configure ITSM modules, and develop reports and dashboards. Strong hands-on ServiceNow development experience required; reporting and analytics development strongly preferred. We are seeking a ServiceNow Developer / Builder to support the design, configuration, and development of workflows, applications, and reports within the ServiceNow platform. This role will focus on hands-on platform development, automation

Easy Apply

Contract

Depends on Experience

Search all similar jobs