This role will work on highly complex projects requiring in-depth domain knowledge of open source software use and contribution, and will have a secondary role in Application Security. You will be responsible for tracking BHGE's use of open source to ensure compliance with open source licenses, contributing to the creation of an open source policy for BHGE, overseeing BHGE contributions to open source communities, and interacting with BHGE functional leaders to support these initiatives.

Essential Responsibilities:

In this role, you will be:
- Working with BHGE technical, legal, and business leadership to develop an open source policy covering BHGE's use of open source software and contribution to existing open source communities.
- Working with BHGE technical, legal, and business leadership to ensure compliance with BHGE's open source policy.
- Analyzing BHGE's open source usage to ensure that only permitted open source is used, including reviewing the technical implementation, linking, and modification of the open source software.
- Working with the BHGE legal team to understand the technical features needed to judge the risk to the company from its open source usage.
- Working with technical and business leadership and developers to create options to mitigate unapproved open source.
- Creating open source Bill of Materials (BoM), notice files, and security vulnerability reports.
- Developing and maintaining documentation on standards, open source policies (on tool), playbook and training documents.
- Supporting the execution of application & cloud security solutions across the lifecycle - design, implementation and operations
- Implementing application security controls, supporting delivery teams and staff, and guiding application development team members
- Supporting security strategy plans and roadmaps based on secure development best practices and providing guidance and hands-on experience to project teams in design, development, and maintenance of security solutions including cloud
- Integrating security scanning tools as part of DevOps.
- Implementing security tools for production application protection.
- Supporting security automation tools to improve efficiency and productivity for application development teams
- Developing scripts and integrating the SAST & DAST tools into the Enterprise CI/CD platform
- Defining Threat Models and implementing RASP with production applications to be migrated to the cloud
- Participating in penetration testing & security compliance activities.
- 2+ years of experience with Open Source use and licensing including in-depth knowledge of GPL, LGPL, AGPL, and other Copyleft licenses in on-prem and SaaS implementations.
- 5 years overall technology experience such as Java, .Net, C# and other web technologies, including Open Source
- Minimum 3 years of hands-on technical experience on OSS, application development & security
- 2 years in a technical or functional lead role
- Awareness of standards such as ISO 27001, ISO 27018, NIST 800-53, PCI DSS, SOC2, HIPAA, PCI, SOX, GLBA, etc.
- Legal authorization to work in the U.S. is required. GE may agree to sponsor an individual for an employment visa now or in the future if there is a shortage of individuals with particular skills. (If Visa Sponsorship is Yes)
- Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job
- Must be willing to travel
- Must be willing to work out of an office located in Houston, TX
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- Strong interpersonal skills, with an emphasis on the ability to effectively influence others
- A team-focused mentality with the proven ability to work effectively with diverse stakeholders
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
- At least one technical certification in the field of application development and/or security
- Bachelor's / Master's degree in Computer Science, Cyber Security or similar experience
- Experience with other cloud service providers such as AWS, Azure or GCP