Walmart Canada · 9 hours ago
Staff, Software Engineer, Information Security
VIZIO is a company that specializes in open-source software solutions. It is seeking a Staff Software Engineer, Information Security to architect solutions, drive compliance, and innovate within a dynamic security team in Dallas.
Responsibilities
Automate audits of binaries and source for license usage; run SCA and produce SBOMs (CycloneDX/SPDX)
Standardize reproducible build engineering with CMake and Clang/LLVM; manage dependencies via Conan and Snapcraft (where applicable)
Govern artifacts in JFrog Artifactory with dependency health checks via JFrog Xray
Operationalize GitOps (GitHub/GitLab) and design CI/CD pipelines using GitHub
Integrate SAST/DAST/IAST into embedded and app pipelines (C/C++/C#, Python, JavaScript, XML); enforce gates, SLAs, and remediation workflows
Triage third-party vulnerabilities and assess results from CodeQL, SonarQube, and related scanners; drive fix plans across firmware and supporting services
Create, publish, and continually revalidate Open Source Candidates (GPL/MPL and others) with reproducible build scripts, license texts, copyright notices, and end user
Triage and resolve revalidation build errors (toolchain, linking, dependency, packaging), ensuring public distribution materials remain accurate
Conduct formal risk assessments to identify threats and vulnerabilities and recommend mitigating controls
Ensure compliance with open-source licenses and applicable standards (e.g., ISO 27001, ISO/IEC 5230:2020, SOC 2) in partnership with Engineering, Legal, and external stakeholders
Evaluate proposed libraries before integration (GPL/LGPL/MPL/MIT/Apache), document obligations (attribution, source offer, relinking), and guide compliant implementation patterns (static vs. dynamic link, dual license scenarios)
Author/update SOPs, Working Instructions, developer facing runbooks, and public distribution READMEs
Develop and deliver open-source and product-based GRC training to employees and contractors
Communicate complex build processes, package management, and license implications to technical and non-technical audiences
Lead incident response (identify, contain, recover), conduct post-incident reviews, and recommend program and control improvements
Monitor industry trends and best practices in Open Source License Compliance; propose program updates proactively
Publish compliance/security dashboards in Power BI; use SQL to analyze SBOM coverage, license risk, vulnerability posture, and release readiness for executive decision-making
Work cross-functionally with engineering teams, Legal, and senior leadership for status updates, new requirements intake, and policy alignment; engage external partners (ODMs, vendors, consultants) to meet compliance obligations
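The SBOM license audit that the responsibilities above describe (automated license checks over a CycloneDX SBOM, dual-license handling, static vs. dynamic linking obligations, and a coverage metric for release readiness) takes roughly the following shape. This is an added example, not part of the original posting and not VIZIO or Walmart code. The policy table, the custom `example:linkage` CycloneDX property, the verdict rules, and the sample SBOM are all assumptions made for the illustration; CycloneDX has no standard field for link mode, so a build would have to record it as a property.

```python
"""License audit over a CycloneDX SBOM (added illustration; not VIZIO/Walmart code).
POLICY, the "example:linkage" property, the verdict rules and SAMPLE_SBOM are assumptions."""
import json

# Assumed policy classes per SPDX identifier (illustrative; Legal owns the real matrix).
POLICY = {
    "MIT": "permissive", "BSD-3-Clause": "permissive", "Apache-2.0": "permissive",
    "Zlib": "permissive",
    "MPL-2.0": "file-copyleft",                                      # per-file source obligation
    "LGPL-2.1-only": "lib-copyleft", "LGPL-2.1-or-later": "lib-copyleft",
    "LGPL-3.0-only": "lib-copyleft",                                 # relink obligation
    "GPL-2.0-only": "strong-copyleft", "GPL-3.0-only": "strong-copyleft",
}
# Higher rank = more restrictive; "unknown" ranks highest so the audit fails closed.
RANK = {"permissive": 0, "file-copyleft": 1, "lib-copyleft": 2, "strong-copyleft": 3, "unknown": 4}


def _tokens(expr):
    """Normalise an SPDX expression to single-spaced tokens with parentheses split out."""
    return " ".join(expr.replace("(", " ( ").replace(")", " ) ").split())


def _strip_outer(expr):
    """Drop parentheses wrapping the whole expression: '( A OR B )' -> 'A OR B'."""
    while expr.startswith("(") and expr.endswith(")"):
        depth = 0
        for i, ch in enumerate(expr):
            depth += 1 if ch == "(" else -1 if ch == ")" else 0
            if depth == 0 and i < len(expr) - 1:
                return expr          # '( A ) AND ( B )': the outer parens are not one pair
        expr = expr[1:-1].strip()
    return expr


def _split_top(expr, op):
    """Split on OR/AND only at parenthesis depth 0."""
    parts, buf, depth = [], [], 0
    for tok in expr.split():
        depth += 1 if tok == "(" else -1 if tok == ")" else 0
        if tok == op and depth == 0:
            parts.append(" ".join(buf))
            buf = []
        else:
            buf.append(tok)
    parts.append(" ".join(buf))
    return parts


def classify(expr):
    """Policy class governing an SPDX expression.
    'A OR B' is a dual-license choice, so the least restrictive option governs;
    'A AND B' stacks obligations, so the most restrictive governs. SPDX binds AND
    tighter than OR, hence OR is split first. Anything outside POLICY (including
    'X WITH exception' forms) is 'unknown' and lands in manual review."""
    expr = _strip_outer(_tokens(expr))
    ors = _split_top(expr, "OR")
    if len(ors) > 1:
        return min((classify(p) for p in ors), key=RANK.__getitem__)
    ands = _split_top(expr, "AND")
    if len(ands) > 1:
        return max((classify(p) for p in ands), key=RANK.__getitem__)
    return POLICY.get(expr, "unknown")


def component_expression(comp):
    """Declared SPDX expression of a CycloneDX component, or None if undeclared.
    CycloneDX encodes licenses as {"license": {"id"|"name": ...}} or {"expression": ...}.
    Several entries are joined with AND here (assumption: a choice must use an expression)."""
    parts = []
    for entry in comp.get("licenses", []):
        if entry.get("expression"):
            parts.append(entry["expression"])
        elif entry.get("license"):
            lic = entry["license"]
            parts.append(lic.get("id") or lic.get("name") or "")   # free-text name -> unknown
    parts = [p for p in parts if p]
    if not parts:
        return None
    return parts[0] if len(parts) == 1 else " AND ".join(f"({p})" for p in parts)


def audit(sbom, linkage_property="example:linkage"):
    """Return license coverage, a verdict per component and a release-readiness flag."""
    components = sbom.get("components", [])
    findings, declared = [], 0
    for comp in components:
        expr = component_expression(comp)
        if expr is not None:
            declared += 1
        linkage = next((p.get("value") for p in comp.get("properties", [])
                        if p.get("name") == linkage_property), "unknown")
        cls = classify(expr) if expr else "unknown"
        if cls == "strong-copyleft":
            verdict = "block"    # GPL governs the combined work: a Legal decision, not a build fix
        elif cls == "unknown" or (cls == "lib-copyleft" and linkage != "dynamic"):
            verdict = "review"   # undeclared/unrecognised, or LGPL without a relink path
        else:
            verdict = "allow"    # still carries attribution and notice obligations
        findings.append({"name": comp.get("name"), "version": comp.get("version"),
                         "license": expr, "class": cls, "linkage": linkage, "verdict": verdict})
    coverage = declared / len(components) if components else 0.0
    return {"coverage": coverage, "findings": findings,
            "release_ready": all(f["verdict"] == "allow" for f in findings)}


# Constructed sample SBOM for the example; not a real product inventory.
SAMPLE_SBOM = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
  "components": [
    {"type": "library", "name": "zlib", "version": "1.3.1",
     "licenses": [{"license": {"id": "Zlib"}}],
     "properties": [{"name": "example:linkage", "value": "static"}]},
    {"type": "library", "name": "openssl", "version": "3.0.13",
     "licenses": [{"license": {"id": "Apache-2.0"}}],
     "properties": [{"name": "example:linkage", "value": "static"}]},
    {"type": "library", "name": "glib", "version": "2.78.4",
     "licenses": [{"license": {"id": "LGPL-2.1-or-later"}}],
     "properties": [{"name": "example:linkage", "value": "static"}]},
    {"type": "application", "name": "busybox", "version": "1.36.1",
     "licenses": [{"license": {"id": "GPL-2.0-only"}}]},
    {"type": "library", "name": "example-ui-lib", "version": "0.4.0",
     "licenses": [{"expression": "MIT OR GPL-2.0-only"}],
     "properties": [{"name": "example:linkage", "value": "dynamic"}]},
    {"type": "library", "name": "odm-vendor-sdk", "version": "7.2"}
  ]
}""")


def run_example():
    return audit(SAMPLE_SBOM)


if __name__ == "__main__":
    report = run_example()
    print(f"license coverage: {report['coverage']:.0%}  release_ready={report['release_ready']}")
    for f in report["findings"]:
        print(f"{f['verdict']:6} {f['name']}@{f['version']}  {f['license']}  ({f['class']}, {f['linkage']})")
```

Run as a script, the report gives one `allow`/`review`/`block` line per component and the share of components with any license declared; a CI gate would fail on `block`, open tickets on `review`, and trend the coverage number on the dashboard. The conservative choices are deliberate: unrecognised identifiers and undeclared components are never silently allowed, multiple license entries on one component are stacked rather than treated as a choice, and a dual license only relaxes the verdict when it is written as an SPDX `OR` expression.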
Qualifications
Required
At least eight years of hands-on embedded software development experience
Proven track record of transitioning into security-focused roles
Mastery in open-source license compliance
Experience with CI/CD automation
Experience in vulnerability management
Strong technical communication skills
Ability to lead initiatives from concept to production
Experience with automating audits of binaries and source for license usage
Experience with producing SBOMs (CycloneDX/SPDX)
Experience with standardizing reproducible build engineering with CMake and Clang/LLVM
Experience managing dependencies via Conan and Snapcraft (where applicable)
Experience governing artifacts in JFrog Artifactory with dependency health checks via JFrog Xray
Experience operationalizing GitOps (GitHub/GitLab) and designing CI/CD pipelines using GitHub
Experience integrating SAST/DAST/IAST into embedded and app pipelines (C/C++/C#, Python, JavaScript, XML)
Experience triaging third-party vulnerabilities and assessing results from CodeQL, SonarQube, and related scanners
Experience creating, publishing, and continually revalidating Open Source Candidates (GPL/MPL and others)
Experience triaging and resolving revalidation build errors (toolchain, linking, dependency, packaging)
Experience conducting formal risk assessments to identify threats and vulnerabilities
Experience ensuring compliance with open-source licenses and applicable standards (e.g., ISO 27001, ISO/IEC 5230:2020, SOC 2)
Experience evaluating proposed libraries before integration (GPL/LGPL/MPL/MIT/Apache)
Experience documenting obligations (attribution, source offer, relinking) and guiding compliant implementation patterns
Experience authoring/updating SOPs, Working Instructions, developer facing runbooks, and public distribution READMEs
Experience developing and delivering open-source and product-based GRC training to employees and contractors
Experience communicating complex build processes, package management, and license implications to technical and nontechnical audiences
Experience leading incident response (identify, contain, recover) and conducting post-incident reviews
Experience monitoring industry trends and best practices in Open Source License Compliance
Experience publishing compliance/security dashboards in Power BI
Experience using SQL to analyze SBOM coverage, license risk, vulnerability posture, and release readiness
Company
Walmart Canada
Walmart Canada is a subsidiary of Walmart that operates a chain of more than 400 stores nationwide.