Software Engineer-Information Security; Source Compliance IRC

Job in Dallas, Dallas County, Texas, 75215, USA
Listing for: Hitachi Vantara Corporation
Full Time position
Listed on 2026-01-19
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 120000 - 130000 USD Yearly
Job Description & How to Apply Below
Position: Software Engineer-Information Security (Open Source Compliance) IRC286485

Description

Engineering & Automation (Embedded + SDLC):

  • Automate audits of binaries and source for license usage; run SCA and produce SBOMs (CycloneDX/SPDX).
  • Standardize reproducible build engineering with CMake and Clang/LLVM; manage dependencies via Conan and Snapcraft (where applicable).
  • Govern artifacts in JFrog Artifactory with dependency health checks via JFrog Xray.
  • Operationalize GitOps (GitHub/GitLab) and design CI/CD pipelines using GitHub Actions / GitLab CI.

Security Testing & Vulnerability Management:

  • Integrate SAST/DAST/IAST into embedded and app pipelines (C/C++, C#, Python, JavaScript, XML); enforce gates, SLAs, and remediation workflows.
  • Triage third‑party vulnerabilities and assess results from CodeQL, SonarQube, and related scanners; drive fix plans across firmware and supporting services.

Open Source Candidates & Revalidation:

  • Create, publish, and continually revalidate Open Source Candidates (GPL/MPL and others) with reproducible build scripts, license texts, copyright notices, and end‑user instructions.
  • Triage and resolve revalidation build errors (toolchain, linking, dependency, packaging), ensuring public distribution materials remain accurate.
Requirements
  • Work cross‑functionally with engineering teams, Legal, and senior leadership for status updates, new requirements intake, and policy alignment; engage external partners (ODMs, vendors, consultants) to meet compliance obligations.
  • 7+ years in embedded software development (Linux kernel, device/firmware), plus 2+ years in a security‑focused role (DevSecOps/AppSec/Compliance).
  • Licensing & Policy:
    Deep, practical familiarity with GPL/LGPL/MPL/MIT/Apache requirements (attribution, source publication, relinking, derivative work analysis) and enforcement throughout the SDLC.
  • Languages & Stacks:
    Strong in C, C++, C#; proficient in Python/JavaScript for automation/tooling; confident with XML/JSON/YAML for configs and SBOMs.
  • Build, Packaging & Artifacts:
    Proficient with CMake, Clang/LLVM, cross compilers; package with Conan/Snapcraft; govern artifacts in JFrog Artifactory with risk analysis via JFrog Xray.
  • CI/CD & Git Ops:
    Hands‑on with GitHub Actions / GitLab CI and GitOps practices (GitHub/GitLab) for policy as code and environment orchestration.
  • Testing & Vulnerability Triage:
    Skilled at integrating and interpreting SAST/DAST/IAST results; practical experience with CodeQL, SonarQube, ScanCode, and SBOM tooling (SPDX/CycloneDX).
  • Data & Communication:
    Able to build Power BI dashboards, write SQL, and translate complex technical topics into clear narratives for technical and non‑technical audiences.
  • Documentation & Training:
    Exceptional writing quality for SOPs, Working Instructions, and public distribution artifacts; experienced trainer for OSS/GRC topics.
  • Collaboration:
    Comfortable influencing cross‑functional roadmaps and mediating license/security trade‑offs with engineering, Legal, and external partners.
  • Bachelor's or Master's in Computer Engineering, Electrical Engineering, Computer Science, or a closely related field. Security certifications (e.g., CISSP, CSSLP) are a plus.
Job responsibilities

Compliance & Governance
  • Conduct formal risk assessments to identify threats and vulnerabilities and recommend mitigating controls.
  • Ensure compliance with open source licenses and applicable standards (e.g., ISO 27001, ISO/IEC 5230:2020, SOC 2) in partnership with Engineering, Legal, and external stakeholders.
  • Evaluate proposed libraries before integration (GPL/LGPL/MPL/MIT/Apache), document obligations (attribution, source offer, relinking), and guide compliant implementation patterns (static vs. dynamic link, dual license scenarios).
Documentation, Training & Enablement
  • Author/update SOPs, Working Instructions, developer‑facing runbooks, and public distribution READMEs.
  • Develop and deliver open source and product‑based GRC training to employees and contractors.
  • Communicate complex build processes, package management, and license implications to technical and non‑technical audiences.
Incident Response & Continuous Improvement
  • Lead incident response (identify, contain, recover), conduct post‑incident reviews, and recommend program and control…