Freelancer for Software Supply Chain and Vulnerability Management (d/f/m)

Was dich erwartet

• Help improve our workflows and tooling for supply chain vulnerability management, including generating, signing, and publishing SBOMs, performing CVE scans, and efficiently analyzing scan results
• Play a key role in monitoring container images for known security vulnerabilities while automating continuous security checks
• Contribute to the implementation of tools and processes for assessing vulnerabilities and generating/publishing Vulnerability Exploitability (VEX) information
• Enhance license management and compliance monitoring by generating SBOMs and validating the results of automatic license detection

Was du mitbringst

• Strong experience in supply chain security monitoring, particularly SBOMs, CVE/CVSS, and VEX
• Hands-on experience with open-source security scanners (e.g., Trivy), including scanner operation and interpreting security findings
• Experience in VEX generation, maintenance, and publishing
• Familiarity with OCI registries and Linux container artifacts (e.g., Harbor registry, Docker images, Helm charts)
• Experience in automating security workflows using GitLab CI pipelines

Was wir dir bieten

• A company that is 100% committed to open source
• A professional work environment with flat hierarchies and a culture of mutual respect
• A supportive and open-minded team that values collaboration, integrity, and transparency

Interested? Apply online via our application form or send an email to jobs@univention.de. Let us know your availability and daily rate.