Software Supply Chain Engineer
Square One Resources
Location: Warsaw
25 200 - 30 240 PLN (B2B)
Requirements
- CI/CD
- .NET
- C#
- Python
- C
- C++
- Node.js
- TypeScript
- Linux
- Windows
Job description
About the project: We're looking for a Software Supply Chain Engineer to join our dynamic team and contribute to creating products while ensuring the highest standards of compliance and safety.
Requirements:
- Proven experience with CI/CD pipelines and integrating open source compliance.
- Minimum of 2 years of practical experience in open source compliance, preferably in a regulated industry such as healthcare or medical devices.
- Thorough understanding of open source licenses, their implications, and best practices for compliance.
- Demonstrable experience working with CycloneDX or similar SBOM formats.
- Proficiency in managing dependencies for two or more programming languages, such as .NET/C#, Python, Java, C/C++, Node.js/TypeScript.
- Familiarity with both Linux and Windows operating systems and their interactions with open source components.
Daily tasks:
- Collaborate with software architects, senior developers and DevOps leads to generate a comprehensive Software Bill of Materials (SBOM) for commercial products, including detailed information on open source components and dependencies.
- Review, analyze, and assess the usage of open source software in products to ensure compliance with relevant regulations and licenses, including knowledge of how usage, deployment, and architecture affect compliance.
- Integrate open source compliance checks into CI/CD pipelines, facilitating the early identification of compliance issues and minimizing compliance risks.
- Demonstrate proficiency in managing dependencies for at least two of the following programming languages: .NET/C#, Python, Java, C/C++, Node.js/TypeScript, considering both proprietary and open source components.
- Create and maintain clear and concise compliance documentation, including policies, procedures, and best practices, to foster a compliant development environment.
- Utilize your expertise with CycloneDX, a lightweight SBOM standard, to enhance the accuracy and efficiency of our compliance processes.
- Stay informed about industry regulations, particularly FDA requirements, and ensure that our open source compliance practices align with current and emerging standards.
- Provide training and support to development teams on open source compliance practices, fostering a culture of awareness and responsibility.
- Provide expert guidance to development teams on open source licensing requirements, restrictions, and obligations to ensure legal and regulatory compliance.