Software Supply Chain Engineer
SQUARE ONE RESOURCES sp. z o.o.
Location: Warszawa
150–180 PLN net (+ VAT) / hour
Requirements
- Python
- Java
- Node.js
- TypeScript
- SBOM
- CycloneDX
- C
- C++
- .NET
- C#
Job description
Our requirements:
- Proven experience with CI/CD pipelines and integrating open source compliance checks into them.
- Minimum of 2 years of practical experience in open source compliance, preferably in a regulated industry such as healthcare or medical devices.
- Thorough understanding of open source licenses, their implications, and best practices for compliance.
- Demonstrable experience working with CycloneDX or similar SBOM formats.
- Proficiency in managing dependencies for two or more programming languages, such as .NET/C#, Python, Java, C/C++, Node.js/TypeScript.
- Familiarity with both Linux and Windows operating systems and how open source components are used on each.
Responsibilities:
- Collaborate with software architects, senior developers and DevOps leads to generate a comprehensive Software Bill of Materials (SBOM) for commercial products, including detailed information on open source components and their dependencies.
- Review, analyze, and assess the usage of open source software in products to ensure compliance with relevant regulations and licenses, including how usage, deployment, and architecture (for example, static linking versus a separate process, or distribution versus SaaS) affect license obligations.
- Integrate open source compliance checks into CI/CD pipelines so that compliance issues are identified early and compliance risk is minimized.
- Manage dependencies for at least two of the following language ecosystems: .NET/C#, Python, Java, C/C++, Node.js/TypeScript, covering both proprietary and open source components.
- Create and maintain clear and concise compliance documentation, including policies, procedures, and best practices, to foster a compliant development environment.
- Use your expertise with CycloneDX, a lightweight SBOM standard, to improve the accuracy and efficiency of the compliance process.
- Stay informed about industry regulations, particularly FDA requirements, and ensure that open source compliance practices align with current and emerging standards.
- Provide training and support to development teams on open source compliance practices, fostering a culture of awareness and responsibility.
- Provide expert guidance to development teams on open source licensing requirements, restrictions, and obligations to ensure legal and regulatory compliance.
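For illustration of what "open source compliance checks in CI/CD" against a CycloneDX SBOM typically means in practice, the following is an added example written for this page; it is not code from the posting or from the employer. It reads a CycloneDX JSON SBOM, resolves each component's declared licenses (SPDX `id`, free-text `name`, or an SPDX `expression`), classifies them against a deny/allow policy, and exits non-zero when anything needs attention so the pipeline stage fails. The policy sets, the embedded sample SBOM, and the simplified SPDX expression handling (top-level `OR`/`AND` only, no nested parentheses) are all assumptions made for the example, and treating several `licenses` entries on one component as all having to pass is a deliberately conservative choice.

```python
"""Minimal CycloneDX (JSON) license gate for a CI pipeline.

Usage: python sbom_license_gate.py [sbom.cdx.json]
With no argument the embedded constructed sample SBOM is checked.
Exit status 1 when any finding exists, so the CI stage fails the build.
"""
import json
import sys

# Hypothetical policy; a real one is set by legal/compliance and reviewed.
DENY = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only", "SSPL-1.0"}
ALLOW = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}

# Constructed sample SBOM (not a real product's BOM) exercising each case:
# allowed id, denied id, dual-license expression, missing license, free-text name.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "readline", "version": "8.2",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"type": "library", "name": "dual-lib", "version": "1.0.0",
         "licenses": [{"expression": "GPL-2.0-only OR MIT"}]},
        {"type": "library", "name": "mystery", "version": "0.1"},
        {"type": "library", "name": "vendor-widget", "version": "3.2",
         "licenses": [{"license": {"name": "Proprietary Vendor EULA"}}]},
    ],
}


def _term_status(term):
    """Classify a single SPDX term; a 'WITH' exception is judged by its base license."""
    base = term.strip().strip("()").split(" WITH ")[0]
    if base in DENY:
        return "denied"
    if base in ALLOW:
        return "allowed"
    return "unknown"


def license_status(expr):
    """Classify an id, name or simple SPDX expression as allowed/denied/unknown.

    Assumption: only top-level 'OR' of 'AND' conjunctions is handled, no nesting.
    An expression is allowed if any OR-alternative is fully allowed; otherwise it
    is denied if any term is on the deny list, else unknown (needs human review).
    """
    alternatives = [alt.split(" AND ") for alt in expr.split(" OR ")]
    if any(all(_term_status(t) == "allowed" for t in terms) for terms in alternatives):
        return "allowed"
    if any(_term_status(t) == "denied" for terms in alternatives for t in terms):
        return "denied"
    return "unknown"


def component_licenses(component):
    """Return the license strings declared on a CycloneDX component."""
    out = []
    for entry in component.get("licenses", []):
        if "expression" in entry:
            out.append(entry["expression"])
        elif "license" in entry:
            lic = entry["license"]
            out.append(lic.get("id") or lic.get("name", ""))
    return [s for s in out if s]


def check_sbom(sbom):
    """Return a list of (component_ref, reason) findings; an empty list passes the gate."""
    findings = []
    for comp in sbom.get("components", []):
        ref = f"{comp.get('name')}@{comp.get('version')}"
        declared = component_licenses(comp)
        if not declared:
            findings.append((ref, "no license declared"))
            continue
        # Conservative assumption: every declared entry must be acceptable on its own;
        # a genuine dual-license choice should be written as an SPDX expression.
        for lic in declared:
            status = license_status(lic)
            if status != "allowed":
                findings.append((ref, f"{status} license: {lic}"))
    return findings


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            sbom = json.load(fh)
    else:
        sbom = SAMPLE_SBOM
    findings = check_sbom(sbom)
    for ref, reason in findings:
        print(f"FAIL {ref}: {reason}")
    print(f"{len(findings)} finding(s)")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run against the embedded sample, the gate reports readline (denied), mystery (no license) and vendor-widget (unknown, needs review) and exits 1, while requests and the dual-licensed component pass. In a real pipeline the deny and allow sets would be loaded from a versioned policy file, and "unknown" results would be routed to a review queue rather than silently blocking or passing.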