Free And Open Source Software Analyst

Petaling Jaya, M10, MY, Malaysia

Job Description

Role:

Free and Open Source Software Analyst

Employer:

Manufacturer

Working Mode:

On Site - Full-time

Job Type:

Permanent

Job Location:

Petaling Jaya, Selangor

Experience:

Minimum 3 years of experience in a technical background (software/dev or security) and familiarity with OSS tools, security practices, and licensing

Applicants:

Open to Local Malaysian citizens only

JOB DESCRIPTION



Understanding of Open Source licensing models and compatibility with commercial software licenses.

Open Source software compliance also requires an understanding of the legal requirements.

Increasing the awareness in the company of the requirements for using OSS software in the context of commercial solutions.

Software development skills required to contribute to Open Source projects.

Ability to perform a security assessment of an Open Source software component.

Ensure that Free and Open Source Software (FOSS) usage at the company complies with the internal operating policies and does not introduce security, license or operational risk for company products.

Collaborate with the Open-Source Compliance Officer (OSCO) to monitor FOSS usage and compliance across projects.

Ensure QA best practices are followed in the team.

Is responsible for maintaining the FOSS corporate repository, where the FOSS components allowed for usage in company products are managed.

Responsible for reviewing and approving or rejecting requests for the introduction of new FOSS components.

Support the business units with the usage of the Software Composition Analysis tool, ensuring that FOSS components are managed through a Software Bill of Materials (SBOM) for continuous validation.

Promotes FOSS adoption in the company and contributes to projects by developing features, fixing bugs, and collaborating with the community.

Provide training and guidance to software development teams on FOSS policies and best practices.

Knows FOSS licensing mechanisms and the particularities of strong copyleft and weak copyleft licenses. Can assess if the usage of a specific FOSS component complies with the overall proprietary application license.

Act as a point of contact for inquiries related to FOSS compliance and licensing.

JOB REQUIREMENTS



Master's or bachelor's degree in engineering or equivalent education.

Minimum 3 years of experience in a technical background (software/dev or security) and familiarity with OSS tools, security practices, and licensing.

Good knowledge of software development (e.g. .NET, C++, Java). Can contribute to FOSS projects by implementing modifications to the FOSS tools.

Knowledge of software security processes (SCA, SAST, DAST, Penetration Testing).

Knowledge of Secure Software Development Life-Cycle related processes and general familiarity with practices like the NIST Secure Software Development Framework.

Familiarity with Vulnerability Databases and Scoring Methodologies, like CVE, NVD and CVSS.

Job Type: Full-time

Benefits:

  • Health insurance
  • Opportunities for promotion
  • Professional development

Experience:

  • FOSS: 3 years (Required)
  • Open Source Platform: 3 years (Required)
  • Open Source Licensing: 3 years (Required)

Work Location: In person



Job Detail

  • Job Id
    JD1236162
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Petaling Jaya, M10, MY, Malaysia
  • Education
    Not mentioned