Security Lit - Software Composition Analysis Engineer

Overview

As a Software Composition Analysis (SCA) Engineer, you will be responsible for ensuring the security, compliance, and integrity of all software components used in our projects.

You will identify and address vulnerabilities, enforce licensing rules, and promote secure development practices across our technology stack.

Work Experience : 1 - 3 Years

Job Location : Mumbai

What You Will Do

• Component Security Analysis : Use SCA tools to scan software codebases including both in-house and third-party/open-source components for vulnerabilities and security risks.
• Vulnerability Assessment : Analyse scan results to determine the severity and urgency of each issue and prioritize fixes.
• License Compliance : Check all software components for compliance with licensing agreements.
  
  

Advise teams on licensing implications to avoid legal risks.

• SBOM Management : Maintain an accurate Software Bill of Materials (SBOM), tracking all components, versions, and dependencies.
• Collaboration : Work closely with developers to communicate findings, suggest secure alternatives, and assist with remediation.
• Remediation Tracking : Follow up to ensure vulnerabilities are fixed and verify resolutions with follow-up scans.
• Reporting & Documentation : Document all findings, actions, and compliance status.
• Prepare clear reports for both technical and non-technical stakeholders.
• Continuous Learning : Stay current with the latest trends in software security, open-source risks, and regulatory requirements.
• Training & Improvement : Participate in security meetings and training sessions.
• Help improve SCA processes and tools based on industry best practices.
• Cross-Functional Coordination : Partner with compliance and legal teams to ensure all software meets regulatory and legal standards.
  
  

• Analytical Skills : Strong ability to analyse, prioritize, and solve complex security issues.
• SCA Tools : Hands-on experience with software composition analysis tools and methodologies.
• DevSecOps : Familiarity with DevSecOps practices and integrating security into CI/CD pipelines.
• Compliance Knowledge : Understanding of regulatory standards such as GDPR, PCI DSS, and others relevant to software development.
• Open-Source Awareness : Basic knowledge of open-source software, including licensing and compliance considerations.
• Communication : Excellent ability to explain technical issues and collaborate with developers, security, and legal teams.
• Organization : Capable of managing multiple tasks and adapting to a fast-paced environment.
  
  

• Education : Bachelors degree in computer science, Information Technology, Cybersecurity, or a related field.
• Experience : 1 - 3 years in software development, application security, or a closely related area.
• Certification : Certified Ethical Hacker (CEH) certification is required
  
  

(ref:hirist.tech)