Sr Information Security Engineer (Open Source Compliance)
Job in Richardson, Dallas County, Texas, 75080, USA
Listed on 2026-01-11
Listing for: InfoVision Inc.
Full Time position
Job specializations:
- IT/Tech
- Cybersecurity
Job Description & How to Apply Below
Sr Information Security Engineer (Open Source Compliance)
Location:
Dallas, TX - onsite (five days a week)
The ideal candidate brings at least eight years of hands‑on embedded software development experience, with a proven track record of transitioning into security‑focused roles. You’ll demonstrate mastery in open‑source license compliance, CI/CD automation, vulnerability management, and technical communication—showing both self‑reliance and the ability to lead initiatives from concept to production.
Skills:
- Experience: 7+ years in embedded software development (Linux kernel, device/firmware), plus 2+ years in a security‑focused role (DevSecOps/AppSec/Compliance).
- Licensing & Policy: Deep familiarity with GPL/LGPL/MPL/MIT/Apache requirements and enforcement throughout the SDLC.
- Build, Packaging & Artifacts: Proficient with CMake, Clang/LLVM, cross‑compilers; package with Conan/Snapcraft; govern artifacts in JFrog Artifactory with risk analysis via JFrog Xray.
- CI/CD & GitOps: Hands‑on with GitHub Actions / GitLab CI and GitOps practices for policy‑as‑code and environment orchestration.
- Testing & Vulnerability Triage: Skilled at integrating and interpreting SAST/DAST/IAST results; practical experience with CodeQL, SonarQube, ScanCode, and SBOM tooling (SPDX/CycloneDX).
- Data & Communication: Able to build Power BI dashboards, write SQL, and translate complex technical topics into clear narratives for technical and non‑technical audiences.
- Documentation & Training: Exceptional writing quality for SOPs, Working Instructions, and public distribution artifacts; experienced trainer for OSS/GRC topics.
- Collaboration: Comfortable influencing cross‑functional roadmaps and mediating license/security trade‑offs with engineering, Legal, and external partners.
- Education: Bachelor’s or Master’s in Computer Engineering, Electrical Engineering, Computer Science, or closely related field. Security certifications (e.g., CISSP, CSSLP) are a plus.
Responsibilities:
- Automate audits of binaries and source for license usage; run SCA and produce SBOMs (CycloneDX/SPDX).
- Standardize reproducible build engineering with CMake and Clang/LLVM; manage dependencies via Conan and Snapcraft (where applicable).
- Govern artifacts in JFrog Artifactory with dependency health checks via JFrog Xray.
- Operationalize GitOps (GitHub/GitLab) and design CI/CD pipelines using GitHub Actions / GitLab CI.
- Triage third‑party vulnerabilities and assess results from CodeQL, SonarQube, and related scanners; drive fix plans across firmware and supporting services.
- Create, publish, and continually revalidate Open Source Candidates (GPL/MPL and others) with reproducible build scripts, license texts, copyright notices, and end‑user instructions.
- Triage and resolve revalidation build errors (toolchain, linking, dependency, packaging), ensuring public distribution materials remain accurate.
- Conduct formal risk assessments to identify threats and vulnerabilities and recommend mitigating controls.
- Ensure compliance with open‑source licenses and applicable standards (e.g., ISO 27001, ISO/IEC 5230:2020, SOC 2) in partnership with Engineering, Legal, and external stakeholders.
- Evaluate proposed libraries before integration (GPL/LGPL/MPL/MIT/Apache), document obligations (attribution, source offer, relinking), and guide compliant implementation patterns.
- Author/update SOPs, Working Instructions, developer‑facing runbooks, and public distribution READMEs.
- Develop and deliver open‑source & product‑based GRC training to employees and contractors.
- Communicate complex build processes, package management, and license implications to technical and non‑technical audiences.
- Lead incident response (identify, contain, recover), conduct post‑incident reviews, and recommend program & control improvements.
- Monitor industry trends and best practices in Open Source License Compliance; propose program updates proactively.
- Publish compliance/security dashboards in Power BI; use SQL to analyze SBOM coverage, license risk, vulnerability posture, and release readiness for executive decisioning.
- Work cross‑functionally with engineering teams, Legal, and senior leadership for status updates, new requirements intake, and policy alignment; engage external partners (ODMs, vendors, consultants) to meet compliance obligations.
Raj Vemula
Senior Director – Global Sourcing