Description:
What You'll Be Doing
- Lead the design and development of SBOM generation pipelines within Yocto-based embedded build systems
- Integrate and validate SPDX 3.0-compliant SBOMs using open-source and custom tools
- Automate SBOM creation as part of the CI/CD pipelines using Jenkins and other DevOps tools
- Work with security teams to analyze and track Open-Source Vulnerabilities (CVE) from generated SBOMs
- Collaborate with development teams to ensure accurate tracking of software components, licenses, and dependencies
- Maintain and improve tooling for source scanning, license compliance, and vulnerability management
- Analyze complex source code bases and integrate SBOM processes with SCM systems (Git, Gerrit, etc.)
- Write and maintain Python scripts for build integration, reporting, and automation of SBOM tasks
What Are We Looking For
- Experience with Yocto Build System (BitBake, meta layers, custom recipes)
- Strong hands-on experience with SPDX standards (preferably 3.0) and SBOM generation tools (e.g., SPDX tools, FOSSology, CycloneDX, scancode-toolkit)
- Solid understanding of CI/CD concepts and Jenkins pipeline development
- Proficiency with Git, Gerrit, JIRA, and other collaborative tools
- In-depth knowledge of Python scripting, including advanced concepts
- Experience working with Makefiles, toolchains, and compiler optimization in embedded environments
- Strong grasp of open-source licensing, compliance, and security scanning (CVE/NVD tools)
- Excellent problem-solving, communication, and collaboration skills
Location - Ahmedabad, Pune, Bangalore
Location:
IN-GJ-Ahmedabad, India-Ognaj (eInfochips)
Time Type:
Full time
Job Category:
Engineering Services