Software Engineer-Information Security (Open Source Compliance) IRC286485 jobs in United States

GlobalLogic · 1 day ago

Software Engineer-Information Security (Open Source Compliance) IRC286485

GlobalLogic is a trusted digital engineering partner, and they are seeking a Software Engineer in Information Security focused on Open Source Compliance. The role involves automating audits, managing dependencies, integrating security testing into pipelines, and collaborating cross-functionally to ensure compliance with open source licenses.

Developer Platform, Information Technology, Product Design, Software
H1B Sponsor Likely

Responsibilities

Conduct formal risk assessments to identify threats and vulnerabilities and recommend mitigating controls
Ensure compliance with open source licenses and applicable standards (e.g., ISO 27001, ISO/IEC 5230:2020, SOC 2) in partnership with Engineering, Legal, and external stakeholders
Evaluate proposed libraries before integration (GPL/LGPL/MPL/MIT/Apache), document obligations (attribution, source offer, relinking), and guide compliant implementation patterns (static vs. dynamic link, dual license scenarios)
Author/update SOPs, Working Instructions, developer-facing runbooks, and public distribution READMEs
Develop and deliver open source and product-based GRC training to employees and contractors
Communicate complex build processes, package management, and license implications to technical and non-technical audiences
Lead incident response (identify, contain, recover), conduct post-incident reviews, and recommend program and control improvements
Monitor industry trends and best practices in Open Source License Compliance; propose program updates proactively.

Data & Reporting

Publish compliance/security dashboards in Power BI; use SQL to analyze SBOM coverage, license risk, vulnerability posture, and release readiness for executive decision-making

Qualification

Embedded software development, Open Source Compliance, C/C++ programming, CI/CD pipelines, SAST/DAST/IAST integration, GitOps practices, License management, Power BI dashboards, SQL proficiency, Training experience, Collaboration, Documentation, Communication skills, Problem-solving

Required

7+ years in embedded software development (Linux kernel, device/firmware), plus 2+ years in a security-focused role (DevSecOps/AppSec/Compliance)
Deep, practical familiarity with GPL/LGPL/MPL/MIT/Apache requirements (attribution, source publication, relinking, derivative work analysis) and enforcement throughout the SDLC
Strong in C, C++, C#; proficient in Python/JavaScript for automation/tooling; confident with XML/JSON/YAML for configs and SBOMs
Proficient with CMake, Clang/LLVM, cross compilers; package with Conan/Snapcraft; govern artifacts in JFrog Artifactory with risk analysis via JFrog Xray
Hands-on with GitHub Actions / GitLab CI and GitOps practices (GitHub/GitLab) for policy as code and environment orchestration
Skilled at integrating and interpreting SAST/DAST/IAST results; practical experience with CodeQL, SonarQube, ScanCode, and SBOM tooling (SPDX/CycloneDX)
Able to build Power BI dashboards, write SQL, and translate complex technical topics into clear narratives for technical and non-technical audiences
Exceptional writing quality for SOPs, Working Instructions, and public distribution artifacts; experienced trainer for OSS/GRC topics
Comfortable influencing cross-functional roadmaps and mediating license/security trade-offs with engineering, Legal, and external partners
Bachelor's or Master's in Computer Engineering, Electrical Engineering, Computer Science, or a closely related field

Preferred

Security certifications (e.g., CISSP, CSSLP) are a plus

Benefits

Culture of caring.
Learning and development.
Interesting & meaningful work.
Balance and flexibility.
High-trust organization.

Company

GlobalLogic

GlobalLogic is a product development services company that specializes in chip-to-cloud software engineering.

H1B Sponsorship

GlobalLogic has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (317)
2024 (295)
2023 (225)
2022 (329)
2021 (303)
2020 (388)

Funding

Current Stage: Late Stage
Total Funding: $763.7M
Key Investors: CPP Investments, New Enterprise Associates
2021-03-31: Acquired
2017-01-11: Secondary Market · $720M
2008-02-11: Series C · $29.5M

Leadership Team

Srinivas Shankar
President and Chief Executive Officer
Vishal Anand
COO and Head of Americas
Company data provided by crunchbase