Position:

Job Description:

Key Responsibilities:

• Lead the design and development of SBOM generation pipelines within Yocto-based embedded build systems

• Integrate and validate SPDX 3.0-compliant SBOMs using open-source and custom tools

• Automate SBOM creation as part of the CI/CD pipelines using Jenkins and other DevOps tools

• Work with security teams to analyze and track Open-Source Vulnerabilities (CVE) from generated SBOMs

• Collaborate with development teams to ensure accurate tracking of software components, licenses, and dependencies

• Maintain and improve tooling for source scanning, license compliance, and vulnerability management

• Analyze complex source code bases and integrate SBOM processes with SCM systems (Git, Gerrit, etc.)

• Write and maintain Python scripts for build integration, reporting, and automation of SBOM tasks

• 5+ years of experience with Yocto Build System (BitBake, meta layers, custom recipes)

• Strong hands-on experience with SPDX standards (preferably 3.0) and SBOM generation tools (e.g., SPDX tools, FOSSology, CycloneDX, scancode-toolkit)

• Solid understanding of CI/CD concepts and Jenkins pipeline development

• Proficiency with Git, Gerrit, JIRA, and other collaborative tools

• In-depth knowledge of Python scripting, including advanced concepts

• Experience working with Makefiles, toolchains, and compiler optimization in embedded environments

• Strong grasp of open-source licensing, compliance, and security scanning (CVE/NVD tools)

• Excellent problem-solving, communication, and collaboration skills

• Experience with SBoM automation in production environments

• Familiarity with Linux Security Modules (LSM) or other embedded Linux security frameworks

• Understanding of DevSecOps practices

• Contributions to open-source SBOM initiatives or SPDX community is a strong plus

Location:

Time Type:

Job Category: