Staff, Software Engineer, Information Security

About The Position

Requirements

• 7+ years in embedded software development (Linux kernel, device/firmware), plus 2+ years in a security focused role (DevSecOps/AppSec/Compliance).
• Deep, practical familiarity with GPL/LGPL/MPL/MIT/Apache requirements (attribution, source of publication, relinking, derivative work analysis) and enforcement throughout the SDLC.
• Strong in C, C++, C#; proficient in Python/JavaScript for automation/tooling; confident with XML/JSON/YAML for configs and SBOMs.
• Proficient with CMake, Clang/LLVM, cross compilers; package with Conan/Snapcraft; govern artifacts in JFrog Artifactory with risk analysis via JFrog Xray.
• Hands on with GitHub Actions / GitLab CI and GitOps practices (GitHub/GitLab) for policy-as-code and environment orchestration.
• Skilled at integrating and interpreting SAST/DAST/IAST results; practical experience with CodeQL, SonarQube, ScanCode, and SBOM tooling (SPDX/CycloneDX).
• Able to build Power BI dashboards, write SQL, and translate complex technical topics into clear narratives for technical and non-technical audiences.
• Exceptional writing quality for SOPs, Working Instructions, and public distribution artifacts; experienced trainer for OSS/GRC topics.
• Comfortable influencing cross functional roadmaps and mediating license/security tradeoffs with engineering, Legal, and external partners.
• Bachelor’s or Master’s in Computer Engineering, Electrical Engineering, Computer Science, or closely related field.

Nice To Haves

• Certification in Security+, GISF, CISSP, CCSP, or GSEC
• Master’s degree in computer science, information technology, engineering, information systems, cybersecurity or related area and 2 years’ experience leading information security or cybersecurity projects
• We value candidates with a background in creating inclusive digital experiences, demonstrating knowledge in implementing Web Content Accessibility Guidelines (WCAG) 2.2 AA standards, assistive technologies, and integrating digital accessibility seamlessly.
• The ideal candidate would have knowledge of accessibility best practices and join us as we continue to create accessible products and services following Walmart’s accessibility standards and guidelines for supporting an inclusive culture.

Responsibilities

• Automate audits of binaries and source for license usage; run SCA and produce SBOMs (CycloneDX/SPDX).
• Standardize reproducible build engineering with CMake and Clang/LLVM; manage dependencies via Conan and Snapcraft(where applicable).
• Govern artifacts in JFrog Artifactory with dependency health checks via JFrog Xray.
• Operationalize GitOps (GitHub/GitLab) and design CI/CD pipelines using GitHub.
• Integrate SAST/DAST/IAST into embedded and app pipelines (C/C++/C#, Python, JavaScript, XML); enforce gates, SLAs, and remediation workflows.
• Triage third-party vulnerabilities and assess results from CodeQL, SonarQube, and related scanners; drive fix plans across firmware and supporting services.
• Create, publish, and continually revalidate Open Source Candidates (GPL/MPL and others) with reproducible build scripts, license texts, copyright notices, and end user.
• Triage and resolve revalidation build errors (toolchain, linking, dependency, packaging), ensuring public distribution materials remain accurate.
• Conduct formal risk assessments to identify threats and vulnerabilities and recommend mitigating controls.
• Ensure compliance with opensource licenses and applicable standards (e.g., ISO 27001, ISO/IEC 5230:2020, SOC 2) in partnership with Engineering, Legal, and external stakeholders.
• Evaluate proposed libraries before integration (GPL/LGPL/MPL/MIT/Apache), document obligations (attribution, source offer, relinking), and guide compliant implementation patterns (static vs. dynamic link, dual license scenarios).
• Author/update SOPs, Working Instructions, developer facing runbooks, and public distribution READMEs.
• Develop and deliver opensource and product based GRC training to employees and contractors.
• Communicate complex build processes, package management, and license implications to technical and nontechnical audiences.
• Lead incident response (identify, contain, recover), conduct post incident reviews, and recommend program and control improvements.
• Monitor industry trends and best practices in Open Source License Compliance; propose program updates proactively.
• Publish compliance/security dashboards in Power BI; use SQL to analyze SBOM coverage, license risk, vulnerability posture, and release readiness for executive decisioning.
• Work cross functionally with engineering teams, Legal, and senior leadership for status updates, new requirements intake, and policy alignment; engage external partners (ODMs, vendors, consultants) to meet compliance obligations.

Benefits

• At Walmart, we offer competitive pay as well as performance-based bonus awards and other great benefits for a happier mind, body, and wallet.
• Health benefits include medical, vision and dental coverage.
• Financial benefits include 401(k), stock purchase and company-paid life insurance.
• Paid time off benefits include PTO (including sick leave), parental leave, family care leave, bereavement, jury duty, and voting.
• Other benefits include short-term and long-term disability, company discounts, Military Leave Pay, adoption and surrogacy expense reimbursement, and more.
• You will also receive PTO and/or PPTO that can be used for vacation, sick leave, holidays, or other purposes.
• Live Better U is a Walmart-paid education benefit program for full-time and part-time associates in Walmart and Sam's Club facilities.
• Programs range from high school completion to bachelor's degrees, including English Language Learning and short-form certificates.
• Tuition, books, and fees are completely paid for by Walmart.