Job Title: Sr Software Engineer/ Embedded software Engineer , Information Security (Open Source Compliance)

Plano, TX, US • Posted 1 day ago • Updated 1 day ago

Contract W2

25% Travel Required

On-site

$55 - $60/hr

Fitment

Dice Job Match Score™

⭐ Evaluating experience...

Job Details

Skills

C
C++
C#; proficient in Python/JavaScript for automation/tooling; confident with XML/JSON/YAML for configs and SBOMs. Build
Packaging & Artifacts: Proficient with CMake
Clang/LLVM
cross‑compilers; package with Conan/Snapcraft; govern artifacts in JFrog Artifactory with risk analysis via JFrog Xray. CI/CD & GitOps: Hands‑on with GitHub Actions / GitLab CI and GitOps practices (GitHub/GitLab) for policy‑as‑code and environment orchestration. Testing & Vulnerability Triage: Skilled at integrating and interpreting SAST/DAST/IAST results; practical experience with CodeQL
SonarQube
ScanCode
and SBOM tooling (SPDX/CycloneDX). Data & Communication: Able to build Power BI dashboards
write SQL
and translate complex technical topics into clear narratives for technical and non-technical audiences. Documentation & Training: Exceptional writing quality for SOPs
Working Instructions
and public distribution artifacts; experienced trainer for OSS/GRC topics.

Summary

Job Title: Sr Software Engineer/ Embedded software Engineer , Information Security (Open Source Compliance)
Location: Plano TX (Onsite)
Duration: Long-term
Visa: Visa Independent (or or OPT EAD)

Required Skills:

Experience: 10+ years in embedded software development (Linux kernel, device/firmware), plus 3+ years in a security‑focused role (DevSecOps/AppSec/Compliance).
Licensing & Policy: Deep, practical familiarity with GPL/LGPL/MPL/MIT/Apache requirements (attribution, source publication, relinking, derivative‑work analysis) and enforcement throughout the SDLC.
Languages & Stacks: Strong in C, C++, C#; proficient in Python/JavaScript for automation/tooling; confident with XML/JSON/YAML for configs and SBOMs.
Build, Packaging & Artifacts: Proficient with CMake, Clang/LLVM, cross‑compilers; package with Conan/Snapcraft; govern artifacts in JFrog Artifactory with risk analysis via JFrog Xray.
CI/CD & GitOps: Hands‑on with GitHub Actions / GitLab CI and GitOps practices (GitHub/GitLab) for policy‑as‑code and environment orchestration.
Testing & Vulnerability Triage: Skilled at integrating and interpreting SAST/DAST/IAST results; practical experience with CodeQL, SonarQube, ScanCode, and SBOM tooling (SPDX/CycloneDX).
Data & Communication: Able to build Power BI dashboards, write SQL, and translate complex technical topics into clear narratives for technical and non-technical audiences.
Documentation & Training: Exceptional writing quality for SOPs, Working Instructions, and public distribution artifacts; experienced trainer for OSS/GRC topics.
Collaboration: Comfortable influencing cross‑functional roadmaps and mediating license/security trade‑offs with engineering, Legal, and external partners.
Education: Bachelor’s or Master’s in Computer Engineering, Electrical Engineering, Computer Science, or closely related field. Security certifications (e.g., CISSP, CSSLP) are a plus.

Responsibilities:

Engineering & Automation (Embedded + SDLC)

Automate audits of binaries and source for license usage; run SCA and produce SBOMs (Cyclone DX/SPDX).
Standardize reproducible build engineering with CMake and Clang/LLVM; manage dependencies via Conan and Snapcraft (where applicable).
Govern artifacts in JFrog Artifactory with dependency health checks via JFrog Xray.
Operationalize GitOps (GitHub/GitLab) and design CI/CD pipelines using GitHub Actions / GitLab CI.

Security Testing & Vulnerability Management

Integrate SAST/DAST/IAST into embedded and app pipelines (C/C++/C#, Python, JavaScript, XML); enforce gates, SLAs, and remediation workflows.
Triage third‑party vulnerabilities and assess results from CodeQL, SonarQube, and related scanners; drive fix plans across firmware and supporting services.
Open Source Candidates & Revalidation

Create, publish, and continually revalidate Open Source Candidates (GPL/MPL and others) with reproducible build scripts, license texts, copyright notices, and end‑user instructions.
Triage and resolve revalidation build errors (toolchain, linking, dependency, packaging), ensuring public distribution materials remain accurate.
Compliance & Governance

Conduct formal risk assessments to identify threats and vulnerabilities and recommend mitigating controls.
Ensure compliance with open‑source licenses and applicable standards (e.g., ISO 27001, ISO/IEC 5230:2020, SOC 2) in partnership with Engineering, Legal, and external stakeholders.
Evaluate proposed libraries before integration (GPL/LGPL/MPL/MIT/Apache), document obligations (attribution, source offer, relinking), and guide compliant implementation patterns (static vs. dynamic link, dual‑license scenarios).
Documentation, Training & Enablement

Author/update SOPs, Working Instructions, developer‑facing runbooks, and public distribution READMEs.
Develop and deliver open‑source and product‑based GRC training to employees and contractors.
Communicate complex build processes, package management, and license implications to technical and non‑technical audiences.
Incident Response & Continuous Improvement

Lead incident response (identify, contain, recover), conduct post‑incident reviews, and recommend program and control improvements.
Monitor industry trends and best practices in Open Source License Compliance; propose program updates proactively.
Data & Reporting

Publish compliance/security dashboards in Power BI; use SQL to analyze SBOM coverage, license risk, vulnerability posture, and release readiness for executive decisioning.
Collaboration & Stakeholder Management

Work cross‑functionally with engineering teams, Legal, and senior leadership for status updates, new requirements intake, and policy alignment; engage external partners (ODMs, vendors, consultants) to meet compliance obligation

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

Dice Id: 91142794
Position Id: 8862062
Posted 1 day ago

Company Info

About SSTech LLC

SSTech LLC specializes in IT consulting, focusing on understanding client needs and providing skilled professionals to meet those requirements. Whether it’s through project-based consulting, staff augmentation, or full-scale IT solutions, the firm likely works closely with clients to identify technology gaps and deliver the right talent and expertise.

SSTech LLC is a dynamic and rapidly growing IT staffing and consulting firm headquartered in Irving, TX. With years of experience in the industry, we specialize in delivering innovative technology solutions and augmenting our clients’ IT teams with top-tier professionals. We pride ourselves on our commitment to integrity, honesty, and excellence in service.

Founded on the core values of integrity, technological insight, and customer satisfaction, SSTech LLC has built a reputation for providing reliable, high-quality IT staffing solutions. Our team works closely with clients to understand their unique needs and ensure that the right talent is deployed at the right time, empowering businesses to achieve their technology goals.Whether you’re looking to expand your IT staff, implement a cutting-edge technology solution, or need specialized expertise for a critical project, SSTech LLC is your trusted partner in success

SSTech LLC provides premier IT staffing services designed to help businesses develop and deploy innovative IT solutions that reduce costs and enhance performance across large enterprises worldwide. Our primary focus is on building mission-critical business applications engineered for optimal performance, scalability, and reliability.

With a deep understanding of the complexities facing modern enterprises, SSTech LLC ensures that our IT solutions not only meet the current needs of our clients but are also flexible and scalable to adapt to future demands. We specialize in delivering high-performance systems that are built to scale predictably, while maintaining the highest levels of reliability, security, and efficiency.

Whether you’re looking to streamline operations, enhance productivity, or develop cutting-edge applications, SSTech LLC is your trusted partner for building technology solutions that power business success on a global scale.

We are driven by core value and we are confident that when you select us as your IT Business Solutions Partner, we help businesses to move forward , faster by combining deep industry experience and frictionless technology delivery. Businesses today require transformational change at a scale and speed that defies traditional ways of working. We spark change through our digital transformation hub that delivers deep digital engineering and industry expertise through client-specific and integrated agile scrum teams.The SSTech LLC team is focused on delivering customer satisfaction by providing world-class IT services to the dynamic and developing high-technology market

SSTech LLC is a dynamic and fast growing company with headquarters in Dallas, Texas, USA. Through close relationships with partners , SSTech LLC has an extended presence in India.

Create job alert

Never miss an opportunity! Create an alert based on the job you applied for.