Company: IPMC LIMITED
Skills: Security
Experience: 5 + Years
Education: Bachelors/3-5 yr Degree
Location: LAGOS, NIGERIA
ORGANIZATION SUMMARY
IPMC is one of Nigeria's oilfield service companies providing innovative solutions, technology, and services to the oil and gas industry. The Company operates in Nigeria and has a network of manufacturing, service, research and development, and training facilities.
It delivers innovative technologies and services designed to meet the world's current and future energy needs in a safe, ethical, and sustainable manner. Grounded by our core values and inspired by our world-class people, we are committed to being a trusted business partner to those we serve.
Essential Responsibilities:
In the role of Open Source Application Security Engineer, your responsibilities include:
Working with the technical, legal, and business leaders to develop an open-source policy covering the company's use of open source software and contribution to existing open source communities
Working with company technical, legal, and business leadership to ensure compliance with company open source policy
Analyzing the company's open-source usage to ensure that only permitted open source is used, including reviewing the technical implementation, linking, and modification of the open-source software
Working with technical and business leaders and developers to create options to mitigate unapproved open source
Creating open-source Bill of Materials (BoM), notice files, and security vulnerability reports.
Developing and maintaining documentation on standards, open-source policies (on the tool), playbook and training documents
Supporting the execution of application & cloud security solutions across the lifecycle - design, implementation, and operations
Implementing application security controls, supporting delivery teams and staff, and guiding application development team members
Supporting security strategy plans and roadmaps based on secure development best practices and providing guidance and hands-on experience to project teams in design, development, and maintenance of security solutions including cloud
Integrating security scanning tools as part of DevOps.
Implementing security tools for production application protection
Supporting security automation tools to improve efficiency and productivity for application development teams
Developing scripts and integrating the SAST & DAST tools into the Enterprise CI / CD platform
Defining Threat Models and implementing RASP with production applications to be migrated to the cloud
Participating in penetration testing & security compliance activities
Qualifications/Requirements:
Bachelor's Degree equivalent
Minimum 5 years of technology experience such as Java, .Net, C# and other web technologies, including Open Source
Minimum 3 years of hands-on technical experience on OSS, application development & security
Minimum 2 years of experience with Open Source use and licensing including in-depth knowledge of GPL, LGPL, AGPL, and other Copyleft licenses in on-prem and SaaS implementations
Minimum 2 years in a technical or functional lead role
Desired Characteristics:
Bachelor's Degree in Computer Science, Cyber Security or similar experience from an accredited college or university
Master's Degree in Computer Science, Cyber Security or similar experience from an accredited college or university
At least one technical certification in the field of application development and/or security
Experience with other cloud service providers such as AWS, Azure or GCP
Awareness of standards such as ISO 27001, ISO 27018, NIST 800-53, PCI DSS, SOC2, HIPAA, PCI, SOX, GLBA, etc.
Personal Attributes:
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
Strong interpersonal skills, with an emphasis on the ability to effectively influence others
A team-focused mentality with the proven ability to work effectively with diverse stakeholders
An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner