Implement and maintain rigorous static analysis layers using Mypy, Ruff, or Flake8
Lead migration of legacy repos from pip/requirements.txt to Poetry: define dependency groups, manage pyproject.toml, and ensure deterministic builds
Drive test coverage strategies with meaningful Pytest suites that catch regressions before production
Proactively fix security flaws including removal of hardcoded secrets and patching CVEs
Maintain and optimize Docker images using multi-stage builds and minimal base images
Manage the software bill of materials (SBOM) by automating dependency bumps and resolving breaking changes
Build and refine pre-commit hooks and GitHub Actions to automate repetitive tasks
Requirements
Deep Python expertise including modern type-hinting and asynchronous programming
Proficient in Poetry and PyPI workflows; strong grasp of dependency resolution and lock files
Proven experience with pytest, coverage metrics, and integration testing patterns
Hands-on experience with security scanners: Bandit, TruffleHog, Snyk, or Safety
Solid command of Docker and CI/CD orchestration (GitHub Actions, GitLab CI, or Jenkins)
Obsessive attention to detail: bothered by a missing type hint or an unpinned dependency