Software Composition Analysis (SCA) Implementation SME

Job Description The SCA Implementation SME will focus on implementing and optimizing Software Composition Analysis (SCA) tools and processes across the organization. This leadership role will guide the integration, and operationalization to strengthen software supply chain security. The SME will influence process improvements, policy development, and training strategies. u2022u2003Serve as the delegate for the Project Lead, supporting program execution and stakeholder engagement. u2022u2003Lead the implementation, configuration, and management of SCA tools (e.g., Endor Labs, Mend/WhiteSource, Black Duck, Snyk) to identify vulnerabilities and license compliance issues in open-source and third-party components. u2022u2003Define and optimize policies, standards, and workflows for SCA integration and vulnerability management. u2022u2003Integrate SCA tools and processes into the Software Development Lifecycle (SDLC) and CI/CD pipelines to automate security checks. u2022u2003Guide the development of secure coding and open-source governance training programs. u2022u2003Monitor industry trends and emerging technologies to recommend enhancements to SCA tools and methodologies. u2022u2003Establish metrics and reporting frameworks to measure program effectiveness and progress. u2022u2003Support troubleshooting and escalation management for SCA-related issues in collaboration with technical teams and vendors. u2022u2003Oversee generation and management of Software Bills of Materials (SBOMs) for compliance and risk assessment. We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: Skills and Requirements u2022u2003SCA Expertise: Deep understanding of SCA principles, tools, and best practices for managing open-source and third-party components. u2022u2003Software Supply Chain Security: Strong knowledge of vulnerability prevention, license compliance, and SBOM management. u2022u2003Tooling Knowledge: Familiarity with Endor Labs, Mend/WhiteSource, Black Duck, Snyk, and related technologies. u2022u2003DevSecOps Integration: Experience embedding SCA into CI/CD pipelines and automating security checks. u2022u2003Program Leadership: Ability to guide large-scale security initiatives, manage tool migrations, and optimize processes. u2022u2003Strategic Communication: Skilled in influencing stakeholders and articulating program goals and improvements. u2022u2003Risk Assessment: Experience assessing vulnerabilities and license risks in third-party components.

Created: 2026-05-02