Open-source Software Compliance Coordinator

Open Source Software Compliance Coordinator

• Work with delivery teams on results of Software Composition Analysis scans.


• Provide auditors expertise and know-how to Application delivery teams that use Open Source software in 2000+ applications.


• Drive all open source compliance activities.


• Collaborate with Open Source Software Program Lead to solidify open source software compliance in Volvo.


• Coordinate source code scans.


• Contribute to development and implementation of compliance training and education materials.


• Drive improvements in DevSecOps Transformations in relation to open source compliance.


• Use tools like Sonatype lifecycyle to identify the OSS used to develop a software product, as well as identifying open source licenses.


• Support teams in how to analyse, assess, and respond to various internet threats in the open source domain.

Your Experience:

• You have at least 4 years experience with Open-source software compliance


• You are a strong communicator that is comfortable working both close to development teams as well as report and inform upper management on the status of open source compliance and vulnerabilities.

You already:

• Have the ability to read and understand open source and commercial license terms and conditions.


• Have the ability to derive an understanding of license obligations.


• Posses knowledge in understanding working flow for any of the popular programming language(s) and scripting language(s) to understand and identify plagiarism of code or logic.


• Should have working knowledge of using any of the SCA tools (Blackduck, NexusIQ, MendIO, Revenera codeinsight, FOSSID)


• Should posses and understanding of SCA package scanning and snippet scanning.


• Should be able to explain and train teams on different category of open source licenses.


• Should be able to identify origin of open source code/packages.


• Clear written communication and oration skills.


• A desire to scale security through education and compliance.

It is an advantage to have:

• Solid software engineering experience in one or more general purpose languages and strong experience in IT Architecture.


• Experience with CI/CD pipelines.


• A good understanding of application security with awareness of OWASP Top 10 vulnerabilities and OWASP ASVS requirements.


• Experience with security maturity models frameworks like OWASP SAMM or BSIMM.


• Experience analyzing and improving product and software security at scale.


• Experience in implementing Application Security Testing processes & tools.

• Application security is an area of growing importance. While we can t offer you an effortless job, we can offer you a chance to be part of an exciting, growing and evolving domain.


• We are ready to help you develop and gain experience in areas you need to be a successful Open Source Compliance Officer.


• Our team is fun to work with, diverse and we are all passionate about developing, supporting and helping others in many aspects of software development.