Senior Python Engineer - Source Stewardship & Tooling

Job Description

A client of Insight Global is looking for a Senior Software Engineer. In this role, you will work as part of a team responsible for establishing the technical stewardship capabilities required by the EU Cyber Resilience Act (CRA). You will focus on developing the tooling and infrastructure necessary to generate comprehensive Software Bill of Materials (SBOMs) for critical open-source community projects and integrating these manifests into Red Hat’s incident response workflows.

You will build automated solutions that bridge the gap between upstream project development and downstream security compliance, ensuring rapid detection of vulnerabilities in open-source components. You will collaborate with internal security teams and external open-source communities to align on data standards and "secure by design" principles.

• Design and develop automated tooling to generate and maintain Software Bill of Materials (SBOMs) for upstream open-source projects in standardized machine-readable formats (e.g., SPDX, CycloneDX).
• Integrate SBOM generation into community Continuous Integration (CI) systems to ensure real-time tracking of top-level and transitive dependencies, including the generation of unique component identifiers (CPE, PURL).
• Build "Early Warning" workflows by connecting community SBOMs with Red Hat's Product Security Incident Response Team (PSIRT) tooling, enabling the automatic mapping of new vulnerabilities (CVEs) to impacted upstream projects.
• Implement machine-readable advisory generation (CSAF VEX) for community projects to support transparency and automated vulnerability handling requirements.
• Continuously improve tooling to reduce the average time to patch critical vulnerabilities in stewarded open-source components.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances.

Advanced (5+ years) knowledge of Python programming language and its ecosystems.

• 4+ years experience designing non-trivial algorithms and systems.
• 2+ years developing and testing applications using Python programming language and adjacent ecosystem.
• Deep understanding of Software Supply Chain Security concepts, including SBOM standards (SPDX, CycloneDX) and vulnerability data formats (CSAF, VEX, OSV).
• Intermediate (3+ years) experience with relational databases (e.g., PostgreSQL) for managing vulnerability and component metadata.
• Experience with CI/CD pipelines (e.g., Tekton, Git Hub Actions, Git Lab CI) and integrating security scanning tools into build processes.
• Interest in the container ecosystem (Kubernetes, Red Hat Open Shift, Podman).
• Good written and verbal communication skills in English, with a strong ability to collaborate in open-source communities.