Master information

Ref. no.: FREELANCE_1206055_99442-298

Software Supply Chain and Vulnerability Management (m/w/d)

Position: Not specified

Start: As soon as possible

End: Not specified

Location:

Method of collaboration: Project only

Hourly rate: £0

Latest update: 28 Apr 2025

Task description and requirements

Software Supply Chain and Vulnerability Management - 100 % remote

Tasks:

+ Help improve our workflows and tooling for supply chain vulnerability management, including generating, signing, and publishing SBOMs, performing CVE scans, and efficiently analyzing scan results

+ Play a key role in monitoring container images for known security vulnerabilities while automating continuous security checks

+ Contribute to the implementation of tools and processes for assessing vulnerabilities and generating/publishing Vulnerability Exploitability eXchange (VEX) information

+ Enhance license management and compliance monitoring by generating SBOMs and validating the results of automatic license detection

Requirements:

+ Strong experience in supply chain security monitoring, particularly SBOMs, CVE/CVSS, and VEX

+ Hands-on experience with open-source security scanners (e.g., Trivy), including scanner operation and interpreting security findings

+ Experience in VEX generation, maintenance, and publishing

+ Familiarity with OCI registries and Linux container artifacts (e.g., Harbor registry, Docker images, Helm charts)

+ Experience in automating security workflows using GitLab CI pipelines

Start: 25.04.2025
Duration: 6 Months +
Location: Remote

Category

Interpreting E-Commerce Linux (Kernel)