Software Engineer (Information Security (Open Source Compliance)) jobs in United States
cer-icon
Apply on Employer Site
company-logo

Centraprise · 1 week ago

Software Engineer (Information Security (Open Source Compliance))

positionJersey City, NJ
timeFull-time
remoteOnsite
senioritySenior Level, Lead/Staff
date9+ years exp

Centraprise is seeking a Software Engineer focused on Information Security and Open Source Compliance. The role involves automating audits, managing dependencies, ensuring compliance with open source licenses, and integrating security testing into software development pipelines.

EmploymentRecruitingStaffing Agency
check
Growth Opportunities
check
H1B Sponsor Likelynote
Hiring Manager
Manav Singh
linkedin

Responsibilities

Automate audits of binaries and source for license usage; run SCA and produce SBOMs (CycloneDX/SPDX)
Standardize reproducible build engineering with CMake and Clang/LLVM; manage dependencies via Conan and Snapcraft(where applicable)
Govern artifacts in JFrog Artifactory with dependency health checks via JFrog Xray
Operationalize GitOps (GitHub/GitLab) and design CI/CD pipelines using GitHub Actions / GitLab CI
Integrate SAST/DAST/IAST into embedded and app pipelines (C/C++, C #, Python, JavaScript, XML); enforce gates, SLAs, and remediation workflows
Triage third-party vulnerabilities and assess results from CodeQL, SonarQube, and related scanners; drive fix plans across firmware and supporting services
Create, publish, and continually revalidate Open Source Candidates (GPL/MPL and others) with reproducible build scripts, license texts, copyright notices, and end-user instructions
Triage and resolve revalidation build errors (toolchain, linking, dependency, packaging), ensuring public distribution materials remain accurate
Conduct formal risk assessments to identify threats and vulnerabilities and recommend mitigating controls
Ensure compliance with open source licenses and applicable standards (e.g., ISO 27001, ISO/IEC 5230:2020, SOC 2) in partnership with Engineering, Legal, and external stakeholders
Evaluate proposed libraries before integration (GPL/LGPL/MPL/MIT/Apache), document obligations (attribution, source offer, relinking), and guide compliant implementation patterns (static vs. dynamic link, dual license scenarios)
Author/update SOPs, Working Instructions, developer-facing runbooks, and public distribution READMEs
Develop and deliver open source and product-based GRC training to employees and contractors
Communicate complex build processes, package management, and license implications to technical and non-technical audiences
Lead incident response (identify, contain, recover), conduct post-incident reviews, and recommend program and control improvements
Monitor industry trends and best practices in Open Source License Compliance; propose program updates proactively
Publish compliance/security dashboards in Power BI; use SQL to analyze SBOM coverage, license risk, vulnerability posture, and release readiness for executive decision-making
Work cross-functionally with engineering teams, Legal, and senior leadership for status updates, new requirements intake, and policy alignment; engage external partners (ODMs, vendors, consultants) to meet compliance obligations

Qualification

Embedded software developmentOpen Source ComplianceCI/CD pipelinesSecurity TestingCMakeClang/LLVMGitOpsPower BISQLTrainingDocumentationCollaborationCommunication

Required

7+ years in embedded software development (Linux kernel, device/firmware), plus 2+ years in a security-focused role (DevSecOps/AppSec/Compliance)
Deep, practical familiarity with GPL/LGPL/MPL/MIT/Apache requirements (attribution, source publication, relinking, derivative work analysis) and enforcement throughout the SDLC
Strong in C, C++, C#; proficient in Python/JavaScript for automation/tooling; confident with XML/JSON/YAML for configs and SBOMs
Proficient with CMake, Clang/LLVM, cross compilers; package with Conan/Snapcraft; govern artifacts in JFrog Artifactory with risk analysis via JFrog Xray
Hands-on with GitHub Actions / GitLab CI and GitOps practices (GitHub/GitLab) for policy as code and environment orchestration
Skilled at integrating and interpreting SAST/DAST/IAST results; practical experience with CodeQL, SonarQube, ScanCode, and SBOM tooling (SPDX/CycloneDX)
Able to build Power BI dashboards, write SQL, and translate complex technical topics into clear narratives for technical and non-technical audiences
Exceptional writing quality for SOPs, Working Instructions, and public distribution artifacts; experienced trainer for OSS/GRC topics
Comfortable influencing cross-functional roadmaps and mediating license/security trade-offs with engineering, Legal, and external partners

Company

Centraprise

twittertwitter
company-logo
Centraprise is an executive search and direct hire company.
dateFounded in 2010
location
Edison, New Jersey, USA
people-size501-1000 employees
web-link
https://www.centraprise.com/

H1B Sponsorship

Centraprise has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (34)
2024 (16)
2023 (49)
2022 (35)
2021 (42)
2020 (125)

Funding

Current Stage
Late Stage

Leadership Team

leader-logo
Praveen Mummaneni
Chief Executive Officer
linkedin
leader-logo
Anand Bandarupally
Managing Partner - Developing Recruitment and Business Development
linkedin
Company data provided by crunchbase