Sr Information Security Engineer (Open Source Compliance) jobs in United States

InfoVision Inc. · 1 day ago

Sr Information Security Engineer (Open Source Compliance)

InfoVision Inc. is seeking a Senior Information Security Engineer specializing in Open Source Compliance. The role involves ensuring compliance with open-source licenses, automating security processes, and managing vulnerabilities while collaborating with cross-functional teams to maintain security standards.

Information Technology & Services
Growth Opportunities
H1B Sponsor Likely
Hiring Manager
Raj Vemula

Responsibilities

Automate audits of binaries and source for license usage; run SCA and produce SBOMs (CycloneDX/SPDX)
Standardize reproducible build engineering with CMake and Clang/LLVM; manage dependencies via Conan and Snapcraft (where applicable)
Govern artifacts in JFrog Artifactory with dependency health checks via JFrog Xray
Operationalize GitOps (GitHub/GitLab) and design CI/CD pipelines using GitHub Actions / GitLab CI
Integrate SAST/DAST/IAST into embedded and app pipelines (C/C++/C#, Python, JavaScript, XML); enforce gates, SLAs, and remediation workflows
Triage third-party vulnerabilities and assess results from CodeQL, SonarQube, and related scanners; drive fix plans across firmware and supporting services
Create, publish, and continually revalidate Open Source Candidates (GPL/MPL and others) with reproducible build scripts, license texts, copyright notices, and end-user instructions
Triage and resolve revalidation build errors (toolchain, linking, dependency, packaging), ensuring public distribution materials remain accurate
Conduct formal risk assessments to identify threats and vulnerabilities and recommend mitigating controls
Ensure compliance with open-source licenses and applicable standards (e.g., ISO 27001, ISO/IEC 5230:2020, SOC 2) in partnership with Engineering, Legal, and external stakeholders
Evaluate proposed libraries before integration (GPL/LGPL/MPL/MIT/Apache), document obligations (attribution, source offer, relinking), and guide compliant implementation patterns (static vs. dynamic link, dual-license scenarios)
Author/update SOPs, Working Instructions, developer-facing runbooks, and public distribution READMEs
Develop and deliver open-source and product-based GRC training to employees and contractors
Communicate complex build processes, package management, and license implications to technical and non-technical audiences
Lead incident response (identify, contain, recover), conduct post-incident reviews, and recommend program and control improvements
Monitor industry trends and best practices in Open Source License Compliance; propose program updates proactively
Publish compliance/security dashboards in Power BI; use SQL to analyze SBOM coverage, license risk, vulnerability posture, and release readiness to support executive decision-making
Work cross-functionally with engineering teams, Legal, and senior leadership for status updates, new requirements intake, and policy alignment; engage external partners (ODMs, vendors, consultants) to meet compliance obligations

Qualification

Open-source license compliance
Embedded software development
CI/CD automation
Vulnerability management
C/C++/C# programming
Python/JavaScript automation
SAST/DAST/IAST integration
Power BI dashboards
Documentation writing
Training experience
SQL
Risk assessment
Education in related field
Security certifications
Technical communication
Collaboration

Required

Experience: 7+ years in embedded software development (Linux kernel, device/firmware), plus 2+ years in a security-focused role (DevSecOps/AppSec/Compliance)
Licensing & Policy: Deep, practical familiarity with GPL/LGPL/MPL/MIT/Apache requirements (attribution, source publication, relinking, derivative-work analysis) and enforcement throughout the SDLC
Languages & Stacks: Strong in C, C++, C#; proficient in Python/JavaScript for automation/tooling; confident with XML/JSON/YAML for configs and SBOMs
Build, Packaging & Artifacts: Proficient with CMake, Clang/LLVM, cross-compilers; package with Conan/Snapcraft; govern artifacts in JFrog Artifactory with risk analysis via JFrog Xray
CI/CD & GitOps: Hands-on with GitHub Actions/GitLab CI and GitOps practices (GitHub/GitLab) for policy-as-code and environment orchestration
Testing & Vulnerability Triage: Skilled at integrating and interpreting SAST/DAST/IAST results; practical experience with CodeQL, SonarQube, ScanCode, and SBOM tooling (SPDX/CycloneDX)
Data & Communication: Able to build Power BI dashboards, write SQL, and translate complex technical topics into clear narratives for technical and non-technical audiences
Documentation & Training: Exceptional writing quality for SOPs, Working Instructions, and public distribution artifacts; experienced trainer for OSS/GRC topics
Collaboration: Comfortable influencing cross-functional roadmaps and mediating license/security trade-offs with engineering, Legal, and external partners
Education: Bachelor's or Master's in Computer Engineering, Electrical Engineering, Computer Science, or closely related field

Preferred

Security certifications (e.g., CISSP, CSSLP) are a plus

Company

InfoVision Inc.

Infovision, founded in 1995, is a leading global IT services company offering enterprise digital transformation and modernization solutions across business verticals.

H1B Sponsorship

InfoVision Inc. has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship (chart; highlights job fields similar to this job)
Trends of Total Sponsorships
2025 (94)
2024 (59)
2023 (59)
2022 (72)
2021 (65)
2020 (90)

Funding

Current Stage
Late Stage

Leadership Team

Mohit Punj, CFA, CPA
Chief Financial Officer
Sampath Paranavitane
Vice President | Senior Client Partner
Company data provided by crunchbase