Product Security Engineer - OSS

Responsibilities

• Partner with development teams to establish and enforce secure open-source usage practices, including component selection and lifecycle management.
• Integrate, optimize, and automate Software Composition Analysis (SCA) tools within CI/CD pipelines to detect vulnerabilities and generate SBOMs.
• Build automation and dashboards to deliver actionable OSS security metrics and risk insights.
• Drive timely remediation of OSS vulnerabilities by embedding security into developer workflows.
• Research emerging OSS ecosystem threats and supply-chain attack vectors to inform security strategy.

Requirements

• Prior software development experience with Python, Java, or .NET.
• Strong understanding of Open Source Security, dependency management, and package ecosystem risks.
• Experience with SCA tools such as Black Duck, Checkmarx, or Snyk, including CI/CD integration.
• Familiarity with SBOM standards (SPDX, CycloneDX) and modern supply-chain security frameworks.
• Experience with Linux, executing commands, and working with container platforms like Docker and Kubernetes.

Preferred Qualifications

• Security industry certifications such as CISSP, SSCP, CISM, SANS GSEC, or Security+.
• Certifications focused on cloud or supply-chain security (e.g., CCSP, CSSLP).

Benefits

• Comprehensive healthcare programs.
• Award-winning financial wellness tools and resources.
• Generous leave of absence for new parents and caregivers.
• Industry-leading wellness platform.

About the Company

Dell Technologies is a unique family of businesses that helps individuals and organizations transform how they work, live, and play. Our Product Security Engineering Team ensures that all code developed at Dell is secure by default, building security into every phase of the software development lifecycle.