Open-source Software Compliance Coordinator

Role Description

We are now looking for an Open Source Software Compliance Coordinator to join our Application Security team. We are looking for someone who has a real interest and passion for Open Source Software Compliance and has a good technical background in application security, especially Software Composition Analysis. Your ability to learn new things, to inspire others around you and your excellent communication skills maybe just what we are looking for. 

You will:

• Work with delivery teams on results of Software Composition Analysis scans.
• Provide auditors' expertise and know-how to Application delivery teams that use Open Source software in 2000+ applications.?
• Drive all open source compliance activities.
• Collaborate with Open Source Software Program Lead to solidify open source software compliance in Volvo.
• Coordinate source code scans.
• Contribute to development and implementation of compliance training and education materials.
• Drive improvements in DevSecOps Transformations in relation to open source compliance.
• Use tools like Sonatype lifecycyle to identify the OSS used to develop a software product, as well as identifying open source licenses.
• Support teams in how to analyse, assess, and respond to various internet threats in the open source domain.

Who are you?

Your Experience:

• You have at least 4 years experience with Open-source software compliance
• You are a strong communicator that is comfortable working both close to development teams as well as report and inform upper management on the status of open source compliance and vulnerabilities.

You already:

• Have the ability to read and understand open source and commercial license terms and conditions.
• Have the ability to derive an understanding of license obligations.
• Posses knowledge in understanding working flow for any of the popular programming language(s) and scripting language(s) to understand and identify plagiarism of code or logic.
• Should have working knowledge of using any of the SCA tools (Blackduck, NexusIQ, MendIO, Revenera codeinsight, FOSSID)
• Should posses and understanding of SCA package scanning and snippet scanning.
• Should be able to explain and train teams on different category of open source licenses.
• Should be able to identify origin of open source code/packages.
• Clear written communication and oration skills.
• A desire to scale security through education and compliance.

It is an advantage to have:

• Solid software engineering experience in one or more general purpose languages and strong experience in IT Architecture.
• Experience with CI/CD pipelines.
• A good understanding of application security with awareness of OWASP Top 10 vulnerabilities and OWASP ASVS requirements.
• Experience with security maturity models frameworks like OWASP SAMM or BSIMM.
• Experience analyzing and improving product and software security at scale.
• Experience in implementing Application Security Testing processes & tools.

What’s in it for you?

• Application security is an area of growing importance.  While we can’t offer you an effortless job, we can offer you a chance to be part of an exciting, growing and evolving domain. 
• We are ready to help you develop and gain experience in areas you need to be a successful Open Source Compliance Officer.
• Our team is fun to work with, diverse and we are all passionate about developing, supporting and helping others in many aspects of software development.