Software Engineer – SBOM & Compliance

We are seeking a Software Engineer with expertise in SBOM standards, software supply chain security, and cybersecurity compliance to support embedded and cloud-edge software development. This role focuses on designing, implementing, validating, and automating SBOM workflows to meet regulatory requirements such as the EU Cyber Resilience Act (CRA). The ideal candidate has hands-on experience in embedded C/C++ environments, Dev Sec Ops  practices, and cross-functional collaboration to ensure secure, compliant, and high-quality software delivery.

• Design, develop, modify, and validate embedded and cloud-edge software, applications, and utility programs.
• Generate, validate, and maintain SBOMs using standards such as SPDX and Cyclone
  
  DX, ensuring compliance with CRA requirements and machine-readable metadata.
• Integrate SBOM generation, vulnerability scanning, and compliance checks into CI/CD pipelines for continuous software supply chain security.
• Apply secure software development practices within embedded C/C++ environments, including build systems and tool chains.
• Perform software component analysis, provenance tracking, and vulnerability scanning using SCA tools (e.g., Snyk, Black Duck).
• Analyze software requirements and user needs to design efficient, compliant software solutions.
• Participate in design, coding of large features, unit testing, debugging, integration, and regression testing.
• Conduct code reviews, triage issues, and implement fixes to maintain high-quality standards.
• Collaborate with cross-functional teams including engineering, security, compliance, and product stakeholders.
• Create and maintain technical documentation covering architecture, workflows, and compliance artifacts.

• Bachelor’s degree or above in Engineering, Computer Science, Information Systems, or related field with 2+ years of relevant software engineering experience;
• Strong knowledge of SBOM standards and tooling, including SPDX, Cyclone
  
  DX, and tools such as Syft, SPDX tools, and Cyclone
  
  DX CLI.
• Experience implementing EU Cyber Resilience Act (CRA) compliance in embedded software environments.
• Proficiency in embedded C/C++, build systems, and secure software development practices.
• Experience with software supply chain security, including provenance, component analysis, and vulnerability scanning.
• Familiarity with Dev Ops/Dev Sec Ops  methodologies and CI/CD automation.
• Strong verbal and written communication skills with the ability to work effectively across teams.