Position Summary...

VIZIO works with open-source software to provide innovative and cutting-edge solutions
to our clients. We are seeking a Staff-level engineer who thrives on autonomy, engineering
latitude, and self-determination—someone who relishes the freedom to architect solutions,
drive compliance, and innovate in a fast-moving environment. In this Dallas-based, onsite role
(five days a week), you’ll join an incredibly dynamic and highly competent Security team, where
your expertise will be valued and your voice heard. This is a rare opportunity to collaborate
with top-tier professionals, shape technical direction, and make a tangible impact on both
product and process.
The ideal candidate brings at least eight years of hands-on embedded software development
experience, with a proven track record of transitioning into security-focused roles. You’ll
demonstrate mastery in open-source license compliance, CI/CD automation, vulnerability
management, and technical communication—showcasing both self-reliance and the ability to
lead initiatives from concept to production. If you’re ready to join a team that sets the standard
in Security and empowers its members to excel, this is your chance to make your mark.

What you'll do...

What You Will Do:

• Engineering & Automation (Embedded + SDLC)
• Automate audits of binaries and source for license usage; run SCA and
• produce SBOMs (CycloneDX/SPDX).
• Standardize reproducible build engineering with CMake and Clang/LLVM; manage dependencies via Conan and Snapcraft(where applicable).
• Govern artifacts in JFrog Artifactory with dependency health checks via JFrog Xray.
• Operationalize GitOps (GitHub/GitLab) and design CI/CD pipelines using GitHub.
• Integrate SAST/DAST/IAST into embedded and app pipelines (C/C++/C#, Python,
• JavaScript, XML); enforce gates, SLAs, and remediation workflows.
• Triage third-party vulnerabilities and assess results from CodeQL, SonarQube, and related scanners; drive fix plans across firmware and supporting services.
• Create, publish, and continually revalidate Open Source Candidates (GPL/MPL and
• others) with reproducible build scripts, license texts, copyright notices, and end user.
• Triage and resolve revalidation build errors (toolchain, linking, dependency, packaging),
• ensuring public distribution materials remain accurate.
• Conduct formal risk assessments to identify threats and vulnerabilities and recommend mitigating controls.
• Ensure compliance with opensource licenses and applicable standards (e.g., ISO 27001,
• ISO/IEC 5230:2020, SOC 2) in partnership with Engineering, Legal, and external stakeholders.
• Evaluate proposed libraries before integration (GPL/LGPL/MPL/MIT/Apache), document
• obligations (attribution, source offer, relinking), and guide compliant implementation
• patterns (static vs. dynamic link, dual license scenarios).
• Documentation, Training & Enablement
• Author/update SOPs, Working Instructions, developer facing runbooks, and public
• distribution READMEs.
• Develop and deliver opensource and product based GRC training to employees and contractors.
• Communicate complex build processes, package management, and license
• implications to technical and nontechnical audiences.
• Incident Response & Continuous Improvement
• Lead incident response (identify, contain, recover), conduct post incident reviews, and recommend program and control improvements.
• Monitor industry trends and best practices in Open Source License Compliance; propose program updates proactively.
• Data & Reporting
• Publish compliance/security dashboards in Power BI; use SQL to analyze SBOM coverage, license risk, vulnerability posture, and release readiness for executive decisioning.
• Collaboration & Stakeholder Management
• Work cross functionally with engineering teams, Legal, and senior leadership for status
• updates, new requirements intake, and policy alignment; engage external partners (ODMs, vendors, consultants) to meet compliance obligations.

About You:

• Experience: 7+ years in embedded software development (Linux kernel,
• device/firmware), plus 2+ years in a security focused role
• (DevSecOps/AppSec/Compliance).
• Licensing & Policy: Deep, practical familiarity
• with GPL/LGPL/MPL/MIT/Apache requirements (attribution, source of publication, relinking, derivative work analysis) and enforcement throughout the SDLC.
• Languages & Stacks: Strong in C, C++, C#; proficient in Python/JavaScript for
• automation/tooling; confident with XML/JSON/YAML for configs and SBOMs.
• CI/CD, Packaging & Artifacts: Proficient with CMake, Clang/LLVM, cross compilers; package with Conan/Snapcraft; govern artifacts in JFrog Artifactory with risk analysis via JFrog Xray.
• CI/CD & GitOps: Hands on with GitHub Actions / GitLab CI and GitOps practices
• (GitHub/GitLab) for policy-as-code and environment orchestration.
• Testing & Vulnerability Triage: Skilled at integrating and interpreting SAST/DAST/IAST results; practical experience with CodeQL, SonarQube, ScanCode, and SBOM tooling (SPDX/CycloneDX).
• Data & Communication: Able to build Power BI dashboards, write SQL, and translate complex technical topics into clear narratives for technical and non-technical audiences.
• Documentation & Training: Exceptional writing quality for SOPs, Working Instructions, and public distribution artifacts; experienced trainer for OSS/GRC topics.
• Collaboration: Comfortable influencing cross functional roadmaps and mediating license/security tradeoffs with engineering, Legal, and external partners.
• Education: Bachelor’s or Master’s in Computer Engineering, Electrical Engineering, Computer Science, or closely related field. Security certifications (e.g., CISSP, CSSLP) are a plus

At Walmart, we offer competitive pay as well as performance-based bonus awards and other great benefits for a happier mind, body, and wallet. Health benefits include medical, vision and dental coverage. Financial benefits include 401(k), stock purchase and company-paid life insurance. Paid time off benefits include PTO (including sick leave), parental leave, family care leave, bereavement, jury duty, and voting. Other benefits include short-term and long-term disability, company discounts, Military Leave Pay, adoption and surrogacy expense reimbursement, and more. You will also receive PTO and/or PPTO that can be used for vacation, sick leave, holidays, or other purposes. The amount you receive depends on your job classification and length of employment. It will meet or exceed the requirements of paid sick leave laws, where applicable. For information about PTO, see https://one.walmart.com/notices. Live Better U is a Walmart-paid education benefit program for full-time and part-time associates in Walmart and Sam's Club facilities. Programs range from high school completion to bachelor's degrees, including English Language Learning and short-form certificates. Tuition, books, and fees are completely paid for by Walmart.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to a specific plan or program terms.
For information about benefits and eligibility, see One.Walmart.
The annual salary range for this position is $110,000.00 - $220,000.00 Additional compensation includes annual or quarterly performance bonuses. Additional compensation for certain positions may also include :
- Stock

ㅤ

ㅤ

ㅤ

ㅤ

‎ 

Minimum Qualifications...

Outlined below are the required minimum qualifications for this position. If none are listed, there are no minimum qualifications.

Option 1: Bachelor's degree in computer science, information technology, engineering, information systems, cybersecurity, or related area and 4years’ experience in software engineering or related area at a technology, retail, or data-driven company.

Option 2: 6 years’ experience in software engineering or related area at a technology, retail, or data-driven company.

Preferred Qualifications...

Outlined below are the optional preferred qualifications for this position. If none are listed, there are no preferred qualifications.

Certification in Security+, GISF, CISSP, CCSP, or GSEC, Master’s degree in computer science, information technology, engineering, information systems, cybersecurity or related area and 2 years’ experience leading information security or cybersecurity projects, We value candidates with a background in creating inclusive digital experiences, demonstrating knowledge in implementing Web Content Accessibility Guidelines (WCAG) 2.2 AA standards, assistive technologies, and integrating digital accessibility seamlessly. The ideal candidate would have knowledge of accessibility best practices and join us as we continue to create accessible products and services following Walmart’s accessibility standards and guidelines for supporting an inclusive culture.

Primary Location...

14901 Quorum Dr, Dallas, TX 75254-7521, United States of America

Walmart and its subsidiaries are committed to maintaining a drug-free workplace and has a no tolerance policy regarding the use of illegal drugs and alcohol on the job. This policy applies to all employees and aims to create a safe and productive work environment.