SCA Implementation SME

Role Summary
The SCA Implementation SME will focus on implementing and optimizing Software Composition Analysis (SCA) tools and processes across the organization. This leadership role will guide the integration, and operationalization to strengthen software supply chain security. The SME will influence process improvements, policy development, and training strategies.

Key Responsibilities
· Serve as the delegate for the Project Lead, supporting program execution and stakeholder engagement.

· Lead the implementation, configuration, and management of SCA tools (e.g., Endor Labs, Mend/WhiteSource, Black Duck, Snyk) to identify vulnerabilities and license compliance issues in open-source and third-party components.

· Define and optimize policies, standards, and workflows for SCA integration and vulnerability management.

· Integrate SCA tools and processes into the Software Development Lifecycle (SDLC) and CI/CD pipelines to automate security checks.

· Guide the development of secure coding and open-source governance training programs.

· Monitor industry trends and emerging technologies to recommend enhancements to SCA tools and methodologies.

· Establish metrics and reporting frameworks to measure program effectiveness and progress.

· Support troubleshooting and escalation management for SCA-related issues in collaboration with technical teams and vendors.

· Oversee generation and management of Software Bills of Materials (SBOMs) for compliance and risk assessment.

Required Knowledge & Skills
· SCA Expertise: Deep understanding of SCA principles, tools, and best practices for managing open-source and third-party components.

· Software Supply Chain Security: Strong knowledge of vulnerability prevention, license compliance, and SBOM management.

· Tooling Knowledge: Familiarity with Endor Labs, Mend/WhiteSource, Black Duck, Snyk, and related technologies.

· DevSecOps Integration: Experience embedding SCA into CI/CD pipelines and automating security checks.

· Program Leadership: Ability to guide large-scale security initiatives, manage tool migrations, and optimize processes.

· Strategic Communication: Skilled in influencing stakeholders and articulating program goals and improvements.

· Risk Assessment: Experience assessing vulnerabilities and license risks in third-party components.