This is a remote opportunity. You may also choose to work on-site at SAS HQ in Cary, NC.
Are you a problem solver, explorer, and knowledge seeker – always asking, “What if?”
If so, you may be the new team member we’re looking for. Because at SAS, your curiosity matters – whether you’re developing algorithms, creating customer experiences, or answering critical questions. Curiosity is our code, and the opportunities here are endless.
What we do
We’re the leader in analytics. Through our software and services, we inspire customers around the world to transform data into intelligence. Our curiosity fuels innovation, pushing boundaries, challenging the status quo and changing the way we live.
What You’ll Do
As the Open Source Program Manager within Product Strategy of our R&D Division at SAS, you will partner with the Product Security Office as we transform our product security and open source technology management strategies for our cloud-native software and solutions. You will establish an open source program office (OSPO) to centralize our existing open source policies and processes related to inbound and outbound open source technology management. You will strategize, clarify, and evangelize our open source goals and vision within and beyond R&D.
Successful candidates will lead engineering teams to strategic solutions to complex technical problems, communicating clearly and effectively to technical and non-technical audiences. This position requires a balance between program management and technical skills such as software development and systems architecture as well as the ability to apply creative and analytical thinking to issues like risk management and establishing compliance mechanisms within new and existing systems and solutions. Your success will depend on your cooperative skills in working with R&D DevOps and solutions engineering, architecture, legal, and compliance teams across SAS.
As a technical program manager, you will:
- Collaborate with our internal engineering teams to lead the implementation and support of automated processes and tooling for our open source supply chain and dependency management efforts, including the maturation of our software bill of materials (SBOM) as we continue to speed and enhance our build and release processes.
- Demonstrate and evangelize understanding of security and license issues related to use of open source software (OSS), taking advantage of open source standards and community.
- Lead continuous improvement and automation enhancements around the process of open source component selection, approval, and management, including detection and remediation of security and compliance issues and integration with all stages of the secure software development life cycle (SDLC), focusing on integration with our CI pipelines.
- Guide and consult with engineering teams as they incorporate OSS compliance best practices in the development and release of their products and solutions.
- Lead tooling integration and automation activities, represent SAS open source policy and processes, consult on open source license compliant usage, and document procedures that ensure open source software use aligns with our business goals and protects our intellectual property.
- Collaborate with legal, compliance, and engineering teams to lead and continuously improve the SAS third-party software request and approval process.
- Provide review and approval of contributions to first-party and third-party open source projects.
- Analyze, identify, and develop strategies and processes to correct data issues with systems used or owned by SAS R&D.
- Participate in educational opportunities, read professional publications, maintain networks, and participate in professional organizations to always be up-to-date on open source initiatives and technology management.
- Provide day-to-day coordination on projects and tasks to drive implementation, communicate progress to product teams and leadership, and assist in improvements across multiple teams and functions.
- Maintain program documentation such as program plans, schedules, and status reports; coordinate, communicate, and facilitate activities between team members and stakeholders to keep the program on track and on schedule.
- Proactively identify risks, trends, and process improvements.
- Act as a central point of contact for all business and technical issues and interface with interested parties across the company to ensure program success.
What we’re looking for:
- You understand why open source exists, how it works, and the challenges it poses to organizations whether inbound (consuming) or outbound (contribution).
- 2+ years of experience in open source technologies and/or cloud-native software development.
- 5+ years of experience working cross-functionally with engineering and leadership teams like software engineers, project managers, product managers, security architects, legal, governance, risk, compliance, and DevOps.
- You are a fast and consistent learner with a passion for curiosity, learning, and technology.
- You are organized, self-starting, flexible, and resourceful.
- You have excellent written and verbal communication skills, organizational skills, and problem-solving skills.
- You have a keen interest in using design and critical thinking to increase the efficiency, effectiveness, and quality of process results.
- You work independently with minimal guidance but enjoy collaborating with others on new programs and initiatives.
- You have a proven ability to lead program teams and gain consensus, even when managing multiple initiatives simultaneously.
- You are familiar with SDL and comfortable with ticket/tracking systems and enterprise collaboration tools (e.g., Jira, Confluence, Microsoft Teams).
- Prior experience with open source software communities and/or GitHub projects.
- Familiarity with leading software composition analysis (SCA) tools: OWASP DC, Black Duck, WhiteSource, Sonatype, WhiteHat Sentinel, Snyk, FOSSA.
- Familiarity with generating software bills of material (SBOM) with open source standards and tooling.
- Familiarity with open source guidelines such as the Linux open source program guide.
- Understand the differences among some of the common open source licenses (e.g., LGPL, GPL, AFPL).
- Understand international standards for open source license compliance (e.g., ISO/IEC 5230, OpenChain).
- Experience working with governance, risk, compliance, audit (GRC-A), and legal teams.
- Experience working with containerized and microservices software architecture, specifically with open source components.
- Experience working with back-end automation projects such as developing and enforcing CI pipeline gates.
- Experience with public cloud or hybrids such as Azure (preferred), AWS, GCP, Oracle, Red Hat OpenShift, or IBM.
- Maintain at least one active professional certification (e.g., PMP, CISA, OSTM, CCSP, or other related).
- We love living the #SASlife and believe that happy, healthy people have a passion for life, and bring that energy to work. No matter what your specialty or where you are in the world, your unique contributions will make a difference.
- Our multi-dimensional culture blends our different backgrounds, experiences, and perspectives. Here, it isn’t about fitting into our culture, it’s about adding to it - and we can’t wait to see what you’ll bring.
SAS looks not only for the right skills, but also a fit to our core values. We seek colleagues who will contribute to the unique values that make SAS such a great place to work. We look for the total candidate: technical skills, values fit, relationship skills, problem solvers, good communicators and, of course, innovators. Candidates must be ready to make an impact.
To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law. Read more: Equal Employment Opportunity is the Law. Also view the supplement EEO is the Law, and the Pay Transparency notice.
Equivalent combination of education, training and experience may be considered in place of the above qualifications. The level of this position will be determined based on the applicant's education, skills and experience. Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.
All valid SAS job openings are located on the Careers page at www.sas.com. SAS only sends emails from verified “sas.com” email addresses and never asks for sensitive, personal information or money. Should you have any doubts about the authenticity of any type of communication from, for, or on behalf of SAS, please contact us at Recruitingsupport@sas.com before taking any further action.