Job Details
Job Title: Embedded Software Engineer/ Information Security (Open-Source Compliance)
Location: Dallas, TX
Duration: Long-term
Skills:
· 7+ years in embedded software development (Linux kernel, device/firmware); experience in a security-focused role (DevSecOps/AppSec/Compliance).
· Deep, practical familiarity with GPL/LGPL/MPL/MIT/Apache requirements (attribution, source publication, relinking, derivative work analysis) and enforcement throughout the SDLC.
· Strong in C, C++, C#; proficient in Python/JavaScript for automation/tooling; confident with XML/JSON/YAML for configs and SBOMs.
· Proficient with CMake, Clang/LLVM, and cross-compilers; package with Conan/Snapcraft; govern artifacts in JFrog Artifactory with risk analysis via JFrog Xray.
· Hands-on with GitHub Actions / GitLab CI and GitOps practices (GitHub/GitLab) for policy as code and environment orchestration.
· Skilled at integrating and interpreting SAST/DAST/IAST results; practical experience with CodeQL, SonarQube, ScanCode, and SBOM tooling (SPDX/CycloneDX).
· Able to build Power BI dashboards, write SQL, and translate complex technical topics into clear narratives for technical and non-technical audiences.
· Exceptional writing quality for SOPs, Working Instructions, and public distribution artifacts; experienced trainer for OSS/GRC topics.
· Comfortable influencing cross-functional roadmaps and mediating license/security trade-offs with engineering, Legal, and external partners.
· Bachelor's or Master's in Computer Engineering, Electrical Engineering, Computer Science, or a closely related field.
· Good to have: security certifications (e.g., CISSP, CSSLP).
Responsibilities:
Engineering & Automation (Embedded + SDLC)
· Automate audits of binaries and source for license usage; run SCA and produce SBOMs (CycloneDX/SPDX).
· Standardize reproducible build engineering with CMake and Clang/LLVM; manage dependencies via Conan and Snapcraft (where applicable).
· Govern artifacts in JFrog Artifactory with dependency health checks via JFrog Xray.
· Operationalize GitOps (GitHub/GitLab) and design CI/CD pipelines using GitHub Actions / GitLab CI.
Security Testing & Vulnerability Management
· Integrate SAST/DAST/IAST into embedded and app pipelines (C/C++/C#, Python, JavaScript, XML); enforce gates, SLAs, and remediation workflows.
· Triage third-party vulnerabilities and assess results from CodeQL, SonarQube, and related scanners; drive fix plans across firmware and supporting services.
Open-Source Candidates & Revalidation
· Create, publish, and continually revalidate Open Source Candidates (GPL/MPL and others) with reproducible build scripts, license texts, copyright notices, and end-user instructions.
· Triage and resolve revalidation build errors (toolchain, linking, dependency, packaging), ensuring public distribution materials remain accurate.
Compliance & Governance
· Conduct formal risk assessments to identify threats and vulnerabilities and recommend mitigating controls.
· Ensure compliance with open source licenses and applicable standards (e.g., ISO 27001, ISO/IEC 5230:2020, SOC 2) in partnership with Engineering, Legal, and external stakeholders.
· Evaluate proposed libraries before integration (GPL/LGPL/MPL/MIT/Apache), document obligations (attribution, source offer, relinking), and guide compliant implementation patterns (static vs. dynamic link, dual license scenarios).
Documentation, Training & Enablement
· Author/update SOPs, Working Instructions, developer-facing runbooks, and public distribution READMEs.
· Develop and deliver open source and product-based GRC training to employees and contractors.
· Communicate complex build processes, package management, and license implications to technical and non-technical audiences.
Incident Response & Continuous Improvement
· Lead incident response (identify, contain, recover), conduct post-incident reviews, and recommend program and control improvements.
· Monitor industry trends and best practices in Open-Source License Compliance; propose program updates proactively.
Data & Reporting
· Publish compliance/security dashboards in Power BI; use SQL to analyze SBOM coverage, license risk, vulnerability posture, and release readiness for executive decision-making.
Collaboration & Stakeholder Management
· Work cross-functionally with engineering teams, Legal, and senior leadership for status updates, new requirements intake, and policy alignment; engage external partners (ODMs, vendors, consultants) to meet compliance obligations.