SBOM Engineer

Sorry, this job was removed at 08:10 p.m. (CST) on Monday, Jun 02, 2025
2 Locations
In-Office
Healthtech • Biotech • Pharmaceutical
The Role

Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people’s varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.

The Position

SBOM Engineer

We are a leading healthcare organization committed to providing innovative and regulated solutions that adhere to the highest standards of patient safety and regulatory compliance. Our InnerSource & Open Source Office (ISOSO) is responsible for managing and ensuring compliance with open source software usage in our commercial products.

To strengthen our Software Supply Chain Compliance & Integrity team, we are seeking an experienced Software Supply Chain Engineer who can work collaboratively with software architects, developers, and cross-functional teams to ensure our products meet regulatory requirements.

The opportunity:

  • Software Bill of Materials (SBOM): Collaborate with software architects, senior developers and DevOps leads to generate a comprehensive Software Bill of Materials (SBOM) for our commercial products, including detailed information on open source components and dependencies.

  • Open Source Compliance: Review, analyze, and assess the usage of open source software in our products to ensure compliance with Roche-relevant regulations and licenses, including knowledge of how usage, deployment, and architecture affect compliance.

  • CI/CD Integration: Integrate open source compliance checks into our Continuous Integration and Continuous Deployment (CI/CD) pipelines, facilitating the early identification of compliance issues and minimizing compliance risks.

  • Dependency Management: Demonstrate proficiency in managing dependencies for at least two of the following programming languages: .NET/C#, Python, Java, C/C++, Node.JS/TypeScript, considering both proprietary and open source components.

  • Compliance Documentation: Create and maintain clear and concise compliance documentation, including policies, procedures, and best practices, to foster a compliant development environment.

  • CycloneDX Expertise: Utilize your expertise with CycloneDX, a lightweight SBOM standard, to enhance the accuracy and efficiency of our compliance processes.

  • Regulatory Compliance: Stay informed about industry regulations, particularly FDA requirements, and ensure that our open source compliance practices align with current and emerging standards.

  • Training and Support: Provide training and support to development teams on open source compliance practices, fostering a culture of awareness and responsibility.

  • Open Source License Knowledge: Provide expert guidance to development teams on open source licensing requirements, restrictions, and obligations to ensure legal and regulatory compliance.

Who you are:

  • Minimum of 2 years of practical experience in open source compliance, preferably in a regulated industry such as healthcare or medical devices.

  • CI/CD Knowledge: Proven experience with CI/CD pipelines and integrating open source compliance checks into the development process.

  • Open Source License Expertise: Thorough understanding of open source licenses, their implications, and best practices for compliance.

  • Dependency Management: Proficiency in managing dependencies for two or more programming languages, such as .NET/C#, Python, Java, C/C++, Node.JS/TypeScript.

  • Operating Systems: Familiarity with both Linux and Windows operating systems and their interactions with open source components.

  • Communication: Excellent interpersonal and communication skills to work effectively with cross-functional teams and explain complex compliance issues clearly.

  • Analytical Skills: Strong analytical and problem-solving abilities to identify compliance gaps and recommend appropriate solutions.

  • Proactive Approach: Self-driven, proactive, and able to work independently with minimal supervision.

  • CycloneDX: Demonstrable experience working with CycloneDX or similar SBOM formats would be an added value.

What you get:

  • Salary range 18,000 - 22,000 PLN gross based on an employment contract (Umowa o pracę);

  • Annual bonus payment based on your performance;

  • Dedicated training budget (training, certifications, conferences, diversified career paths etc.);

  • Recharge Fridays (2 Fridays off per quarter available);

  • Take Time Program (up to 3 months of leave to use for any purpose);

  • Flex Location (possibility to perform our work from different places in the world for a certain period of time);

  • Take Time for Charity (additional paid leave of maximum 2 weeks to engage in the charity action of your choice);

  • Private healthcare (LuxMed packages) and group life insurance (UNUM);

  • Stock share purchase additions;

  • Yearly sales of company laptops and cars, and many more.


If you feel this offer suits a friend of yours, feel free to share it.

Want to know what it's like to be a part of Roche IT first-hand? Check out our blog!

https://careers.roche.com/global/en/we-are-roche

The controller of your personal data is Roche Polska Sp. z o.o., ul. Domaniewska 28, 02-672 Warsaw. The data is processed for the purpose of recruitment. You have the right to access your data, rectify it, delete it, limit processing, transfer it and, if processing is based on your consent, withdraw this consent at any time. Contact the Data Protection Officer at: [email protected]. More information on the principles of processing your personal data by Roche at the link:

https://www.roche.pl/pl/content/klauzula-informacyjna-rekrutacja-en.html

Who we are

At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.

At Roche Poland, we are more than 800 professionals working together on one mission. We are proud of who we are, what we do and how we do it. Join us in the area of Clinical Research, Medical, Marketing, IT or business departments.

Roche is an Equal Opportunity Employer.


What We Do

Roche is a global pioneer in pharmaceuticals and diagnostics focused on advancing science to improve people’s lives. The combined strengths of pharmaceuticals and diagnostics under one roof have made Roche the leader in personalised healthcare – a strategy that aims to fit the right treatment to each patient in the best way possible.

Roche is the world’s largest biotech company, with truly differentiated medicines in oncology, immunology, infectious diseases, ophthalmology and diseases of the central nervous system. Roche is also the world leader in in vitro diagnostics and tissue-based cancer diagnostics, and a frontrunner in diabetes management.

Founded in 1896, Roche continues to search for better ways to prevent, diagnose and treat diseases and make a sustainable contribution to society. The company also aims to improve patient access to medical innovations by working with all relevant stakeholders. Thirty medicines developed by Roche are included in the World Health Organization Model Lists of Essential Medicines, among them life-saving antibiotics, antimalarials and cancer medicines. Roche has been recognised as the Group Leader in sustainability within the Pharmaceuticals, Biotechnology & Life Sciences Industry ten years in a row by the Dow Jones Sustainability Indices (DJSI).
