Open Source Software (OSS)

Product Security Engineer - OSS

The Dell Technologies Product Security Engineering Team is responsible for ensuring that all code developed at Dell is secure by default.

Security Engineers are product security subject matter experts that come from a software development background and utilize their unique skillset to partner with engineering teams across the company to build security into every phase of the software development lifecycle at Dell Technologies.

Join us as a Product Security Engineer - OSS on our Product Security and Applications Team in Bangalore to do the best work of your career and make a profound social impact.

What you'll achieve

The Product Security Engineering Team is seeking a Security Engineer specializing in Open-Source Security who will collaborate closely with development teams, product security leaders, and cross-functional stakeholders to mature Dell's OSS governance, accelerate secure OSS adoption, and reduce risk from third-party components.

You will:


* Partner with development teams to establish and enforce secure open-source usage practices, including component selection, patching, and lifecycle management.


* Integrate, optimize, and automate Software Composition Analysis (SCA) tools within CI/CD pipelines to detect vulnerabilities, enforce policy, and generate SBOMs.


* Build automation and dashboards that deliver actionable OSS security metrics, risk insights, and executive-level KPIs.


* Drive timely remediation of OSS vulnerabilities by embedding security into developer workflows and providing expert guidance on dependency hygiene.


* Research emerging OSS ecosystem threats, supply-chain attack vectors, and industry best practices, informing security strategy and tooling enhancements.

Take the first step towards your dream career

Every Dell Technologies team member brings something unique to the table.

Here's what we are looking for with this role:

Essential Requirements


* Prior software development experience with one or more languages such as Python, Java, or .NET.


* Strong understanding of Open Source Security, including dependency management, package ecosystem risks, vulnerability disclosure processes, and OSS community norms.


* Experience with SCA tools (e.g., Black Duck, Checkmarx, Snyk, or similar), including configuration, CI/CD integration, and policy tuning.


* Familiarity with SBOM standards (SPDX, CycloneDX), container security, and modern supply-chain security frameworks (SLSA, NIST SSDF, in-toto).


* Experience executing Linux commands, writing database queries, and working with container platforms such as Docker and Kubernetes.

Desirable Requirements


* A security industry certification is required including but not limited to CISSP, SSCP, CISM, SANS GSEC, ECSA, ECSP, and Security+.


* Certifications focused on cloud or supply-chain security are a plus (e.g., CCSP, CSSLP, SLSA-accredited training).

Who we are

We believe that each...