This job offer is no longer available
Software Supply Chain Security Engineer
Lumentum
- Ottawa, Ontario, Canada
- Ottawa, Ontario, Canada
About
We're committed to bringing passion and customer focus to the business.
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us
Lumentum Canada was awarded the 2022 National Capital Region's Top Employers for the 6th consecutive year and the 2022 Career Directory Canada's Best Employers for Recent Graduates for the 5th consecutive year.
Position Title: Software Supply Chain Security Engineer (SBOM & Vulnerability Management)
Employment Type: Full-time, Existing vacancy
Location: Ottawa ON, Onsite
About Lumentum
At Lumentum, we're building the tech behind the world's fastest networks and most advanced systems. Our optical and photonic solutions power everything from AI and cloud computing to data centers, telecom, and advanced manufacturing.
We're a global team of innovators working where light meets technology, solving big challenges that keep the world connected and moving forward. If shaping the future of connectivity excites you, you'll fit right in.
What You'll Be Doing
Generate, validate, and maintain SBOMs (SPDX, CycloneDX) across products and CI/CD pipelines.
Interpret SBOMs to assess license compliance, provenance, and transitive risk.
Run continuous vulnerability scanning (CVE, CWE) and produce clear, prioritized reports.
Triage findings by exploitability (EPSS), impact, and exposure; drive remediation SLAs.
Upgrade or replace vulnerable open-source packages; backport fixes when upgrades aren't feasible.
Collaborate with product teams to resolve vulnerabilities with minimal regression risk.
Automate policy gates for builds/releases (e.g., block on critical CVEs).
Track and report risk metrics to security, engineering, and compliance stakeholders.
Support audits and customer security inquiries related to SBOMs and supply chain risk.
Education
What We're Looking For
Bachelor's degree in computer science, Computer Engineering, Software Engineering, Electrical Engineering, or a related field
Experience
5+ years in software engineering, DevSecOps, or application security.
Hands-on experience generating and consuming SBOMs.
Proven vulnerability management and remediation experience.
CI/CD automation experience (GitHub Actions, GitLab CI, Jenkins).
Proficiency in at least one systems language (Go, Python, C/C++).
Solid understanding of licenses (MIT, Apache 2.0, GPL).
Perks You'll Love
Flexible time off
Health and wellness benefits (physical and mental)
Tuition reimbursement and career growth support
A workplace built for you: free gym, games room, prayer room
Subsidized meals, free coffee/tea
Employee stock options and incentive plans
A collaborative, innovative, and inclusive culture
Salary Range
The salary range for this position is $110,625 - $149,675 CAD (Flexible).
Final compensation will be determined based on factors such as experience, skills, and qualifications. In line with our commitment to being a great place to work, Lumentum offers competitive total rewards which may include annual bonus, equity, and comprehensive health and welfare benefits.
Join a Team That's Shaping the Future
At Lumentum, we're more than just a workplace—we're a launchpad for creativity and innovation. We're committed to celebrating your unique talents and helping you grow. Our guiding principles—Innovate, Engage, Deliver, Excel, and Win—aren't just words; they're the heart of what we do.
Let's Build a Brighter Future Together
We're committed to building an inclusive workplace where everyone feels valued and empowered. We welcome applicants from all backgrounds and provide accommodations for individuals with disabilities throughout the hiring process. Your uniqueness makes us stronger, sparks creativity, and drives our success.
Please contact us at to request accommodation.
Join us—your future starts here
Languages
- English
Notice for Users
This job was posted by one of our partners. You can view the original job source here.