Sr Software Engineer - Compliance

What's the role?

The Enterprise Risk & Compliance team is a globally distributed team of security and privacy professionals working together to secure the world’s preeminent open location data ecosystem and platform. Help us build our open-source licensing and application security program to ensure HERE’s products, applications, and data are secure, and comply with applicable data protection, privacy, and copyright laws.

Key Responsibilities:

• Open-source compliance: play a key role in our Open-Source Licensing Office operations team by ensuring compliance with open-source community practices
• R&D team engagement: Fulfill open-source licensing obligations (e.g., GPL, MIT, Apache) resolving technical and licensing issues
• Reporting: communicate findings and issues with product development teams to remediate any non-compliant use of open-source software
• Research: determine any applicable commercial licensing shifts and regulatory measures that impact open-source code compliance
• Assess security risks: Assess various open-source, security, and privacy findings through the secure-software development lifecycle
• Application assurance: Support HERE’s Application Assurance Dashboard by providing engineering support for our Application Security Dashboard and its development
• Serve as a primary licensing compliance and security point of contact for business teams requiring security and privacy support to bridge the gap from security to product development teams
• Risk management: Document and manage identified risks and vulnerabilities detected while evaluating applications and work with teams to mitigate findings
• Collaboration: Work with peers across legal, development, customer, and Trust organizations to improve processes and compliance across the organization
• Training and Awareness: Train and improve employee understanding of open-source licensing and security practices with continuous feedback

Who are you?

Position Requirements:

• Undergraduate or graduate degree in Computing Science, Information Technology, Information Science, or equivalent experience
• 2+ years experience of open-source software licenses assessment in commercial software development
• Familiarity in Java, C/C++, Python, or other modern programming languages as well as emerging artificial intelligence frameworks and services
• Involvement of commercial and open-source tools (e.g., BlackDuck, FOSSA, ORT)
• Ability to assess and troubleshoot software development errors
• Working knowledge of information security principles, best practices, architectures, tools, and processes consistent with ISO 27001 and COSO principles
• Understanding of application and infrastructure security tools, processes, and organizations
• Basic understanding of web technologies and vulnerabilities such as SSL/TLS, REST, HTTP, OWASP, or other related standards and protocols
• Written and verbal communication skills with both a technical and non-technical audience including legal, product development, and security functions
• Self-motivated with a willingness to learn and experience security, privacy, and compliance domains with the ability to work independently in a global team

Preferred Skills:

• Active engagement in the open-source community and contributions
• Experience in defining, developing, maintaining, and supporting a software development lifecycle (SDLC) in an agile environment
• Capacity to perform code reviews or implement security controls for developed applications
• Passion for machine learning algorithms and artificial intelligence applications ranging across various domains (e.g., copyright laws, development, regulatory compliance)
• Knowledge of relevant information security standards across the automotive and artificial intelligence industries (e.g., ISO 42001, TISAX, ISO 21434)

HERE is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, age, gender identity, sexual orientation, marital status, parental status, religion, sex, national origin, disability, veteran status, and other legally protected characteristics. - #LI-MS1 

As part of HERE Technologies employment process, candidates will be required to successfully complete a background verification process. This offer and any related claims are subject to the successful completion of a background verification.  

Who are we?

HERE Technologies is a location and data technology platform copmany. We empower our customers to achieve better outcomes -- from helping a city manage its infrastructure or a business optimize its assets to guiding drivers to their destination safely. 

You can find us everywhere: in vehicles, smartphones, drones or third-party apps. We believe that with the right people, we will continue to be a game-changer in the technology industry and improve the daily lives of people around the world.

At HERE we take it upon ourselves to be the change we wish to see. We create soluions that fuel innovation, provide opportunity and foster inclusion to improve people's lives. If you are inspired by an open world and driven to create positive change, join us.