OSS Compliance Specialist / Architect
Oferty pracySummary
Andersen is hiring an OSS Compliance Specialist / Architect for a project designing automated OSS license compliance processes and scalable open-source governance solutions.
The customer is a global technology organization delivering digital products and business solutions to customers across multiple industries and markets. The company focuses on helping organizations improve operational effectiveness, optimize processes, and support business growth through the use of modern technologies, data-driven approaches, and scalable platforms. With an international presence and a strong focus on innovation, the organization continuously evolves its products and services to address changing customer and market needs.
The project is focused on designing and implementing an automated open-source software (OSS) license compliance solution for a large enterprise environment. It includes defining compliance processes, automating license clearing workflows, and establishing a scalable methodology to ensure efficient and consistent OSS governance.
Responsibilities
- Defining the OSS license clearing methodology and decision framework, what can be cleared automatically, what requires human escalation and why.
- Mapping all relevant open-source license types and their obligations across the organization's software portfolio.
- Designing the clearing logic the developer will implement, translating licensing judgment into rules and decision trees the system can execute.
- Reviewing and validating Software Bill of Materials (SBOM) outputs to ensure correct license identification across all dependency ecosystems.
- Comfortable working directly with engineering tooling (SBOM systems, CI/CD basics) and communicating the same language as a developer, even without writing production code themselves.
- Defining udit ready output formats and reporting requirements that meet enterprise and regulatory standards.
- Handling edge cases: dual licensing, license compatibility conflicts, copyleft scope disputes and ambiguous or unknown licenses.
- Establishing and maintaining OSS clearing policy documentation.
- Serving as the internal SME for license obligation interpretation throughout the engagement.
Requirements
- Hands-on experience with OSS clearing for 5+ years, including personally reviewing and approving open-source components.
- Strong knowledge of OSS licenses, including MIT, Apache 2.0, BSD, and their practical obligations related to distribution, linking, and modification.
- Experience using OSS license scanning and compliance tools such as FOSSA (mandatory), Black Duck, Sonatype Nexus IQ, or equivalent solutions.
- Understanding of SBOM concepts, including SPDX, CycloneDX, dependency graphs, and component metadata.
- Experience establishing or improving OSS compliance and clearing processes across large-scale enterprise software portfolios.
- Ability to independently drive OSS compliance activities from assessment through approval with minimal supervision.
- Experience preparing audit-ready compliance documentation, including clearing decisions, compliance reports, and supporting legal or audit reviews.
- Level of English – from Upper-Intermediate and above.
Desired skills
- Experience working in or closely with an Open Source Program Office (OSPO).
- Familiarity with OpenChain / ISO 5230 (license compliance).
- Knowledge of the international standard for OSS compliance programs, certification is a plus.
- CI/CD integration experience.
- Experience managing OSS compliance across multiple package ecosystems, including .NET/NuGet, Java/Maven, JavaScript/npm, Python/PyPI, or similar.
- Strong understanding of open-source licensing gained through a legal/paralegal background or extensive hands-on experience in OSS compliance.
- Familiarity with AI based tools for license text classification and obligation extraction.
- Experience in regulated industries such as energy, automotive, financial services, or healthcare.
- Background contributing to or governing open-source projects directly.
Reasons to join us
- Experience in teamwork with leaders in FinTech, Healthcare, Retail, Telecom, and others. Andersen cooperates with such businesses as Samsung, Siemens, Johnson &' Johnson, BNP Paribas, Ryanair, Mercedes, TUI, Verivox, Allianz, T-Systems, etc..
- The opportunity to change the project and/or develop expertise in an interesting business domain.
- Job conditions – you can work both fully remotely and from the office or can choose a hybrid variant.
- Guarantee of professional, financial, and career growth! The company has introduced systems of mentoring and adaptation for each new employee.
- The opportunity to earn up to an additional 1,000 USD per month, depending on the level of expertise, which will be included in the annual bonus, by participating in the company's activities.
- Access to the corporate training portal, where the entire knowledge base of the company is collected and which is constantly updated.
- Bright corporate life (parties / pizza days / PlayStation / fruits / coffee / snacks / movies).
- Certification compensation (AWS, PMP, etc).
- Referral program.
- Private health insurance and compensation for sports activities.
Join us!
Lokalizacje
Worldwide
Czekamy na was!
lub Poleć znajomego
Przetwarzamy dane osobowe zgodnie z RODO
Myślisz o kolejnym kroku w karierze? Zobacz oferty pracy w Andersen i znajdź coś dla siebie już dziś