
Software Engineer; Information Security; Source Compliance

Job in Jersey City, Hudson County, New Jersey, 07390, USA
Listing for: Centraprise
Full Time position
Listed on 2026-01-27
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Position: Software Engineer (Information Security (Open Source Compliance))

Overview

Location:
Dallas, TX (5 day onsite)

Duration:
Long-term

Responsibilities
  • Engineering & Automation (Embedded + SDLC):
    • Automate audits of binaries and source for license usage; run SCA and produce SBOMs (CycloneDX/SPDX).
    • Standardize reproducible build engineering with CMake and Clang/LLVM; manage dependencies via Conan and Snapcraft (where applicable).
    • Govern artifacts in JFrog Artifactory with dependency health checks via JFrog Xray.
    • Operationalize GitOps (GitHub/GitLab) and design CI/CD pipelines using GitHub Actions / GitLab CI.
  • Security Testing & Vulnerability Management:
    • Triage third-party vulnerabilities and assess results from CodeQL, SonarQube, and related scanners; drive fix plans across firmware and supporting services.
    • Create, publish, and continually revalidate Open Source Candidates (GPL/MPL and others) with reproducible build scripts, license texts, copyright notices, and end-user instructions.
    • Triage and resolve revalidation build errors (toolchain, linking, dependency, packaging), ensuring public distribution materials remain accurate.
  • Compliance & Governance:
    • Conduct formal risk assessments to identify threats and vulnerabilities and recommend mitigating controls.
    • Ensure compliance with open source licenses and applicable standards (e.g., ISO 27001, ISO/IEC 5230:2020, SOC 2) in partnership with Engineering, Legal, and external stakeholders.
    • Evaluate proposed libraries before integration (GPL/LGPL/MPL/MIT/Apache), document obligations (attribution, source offer, relinking), and guide compliant implementation patterns (static vs. dynamic link, dual license scenarios).
  • Documentation, Training & Enablement:
    • Author/update SOPs, Working Instructions, developer-facing runbooks, and public distribution READMEs.
    • Develop and deliver open source and product-based GRC training to employees and contractors.
    • Communicate complex build processes, package management, and license implications to technical and non-technical audiences.
    • Lead incident response (identify, contain, recover), conduct post-incident reviews, and recommend program and control improvements.
    • Monitor industry trends and best practices in Open Source License Compliance; propose program updates proactively.
  • Data & Reporting:
    • Publish compliance/security dashboards in Power BI; use SQL to analyze SBOM coverage, license risk, vulnerability posture, and release readiness for executive decision-making.
  • Collaboration & Stakeholder Management:
    • Work cross-functionally with engineering teams, Legal, and senior leadership for status updates, new requirements intake, and policy alignment; engage external partners (ODMs, vendors, consultants) to meet compliance obligations.
Qualifications
  • 7+ years in embedded software development (Linux kernel, device/firmware), plus 2+ years in a security-focused role (DevSecOps/AppSec/Compliance).
  • Licensing & Policy: Deep, practical familiarity with GPL/LGPL/MPL/MIT/Apache requirements (attribution, source publication, relinking, derivative work analysis) and enforcement throughout the SDLC.
  • Build, Packaging & Artifacts: Proficient with CMake, Clang/LLVM, cross compilers; package with Conan/Snapcraft; govern artifacts in JFrog Artifactory with risk analysis via JFrog Xray.
  • CI/CD & GitOps: Hands-on with GitHub Actions / GitLab CI and GitOps practices (GitHub/GitLab) for policy as code and environment orchestration.
  • Testing & Vulnerability Triage: Skilled at integrating and interpreting SAST/DAST/IAST results; practical experience with CodeQL, SonarQube, ScanCode, and SBOM tooling (SPDX/CycloneDX).
  • Data & Communication: Able to build Power BI dashboards, write SQL, and translate complex technical topics into clear narratives for technical and non-technical audiences.
  • Documentation & Training: Exceptional writing quality for SOPs, Working Instructions, and public distribution artifacts; experienced trainer for OSS/GRC topics.
  • Collaboration: Comfortable influencing cross-functional roadmaps and mediating license/security trade-offs with engineering, Legal, and external partners.