Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

 

Description

The Software Security Leader is an individual responsible for ensuring OpenMRS Community-supported software is secure by determining security requirements; overseeing planning, implementing, and testing of security; defining community security policies & conventions; and, mentoring community developers in security best practices.

Requirements

  • Dedication to OpenMRS mission, vision, and values
  • Detailed technical knowledge of techniques, standards, and state-of-the-art approaches to security vulnerabilities and remediation
  • Strong skills and experience in software security best practices, including Java and JavaScript
  • Good communication skills and ability to work well with people of different cultures
  • Enough available, dedicated time to fulfill responsibilities

Responsibilities

  • Software Security
    • Define policies for handling security issues within the OpenMRS Developer Community
    • Oversee community volunteers in planning, implementing, and testing of security
    • Contribute to all levels of the architecture (e.g., Core API, Platform, Reference Application, and Modules)
  • Advocating security best practices and finding ways to promote these through community culture and tooling
    • Including security tips in documentation
    • Getting developers thinking about security during sprints
    • Embedding best practices in SDK and reference software
    • Promoting strong security practices in OpenMRS APIs & software libraries
  • Mentoring community developers in security best practices and organizing volunteers interested in helping with security-related issues
  • Develop familiarity on new tools and best practices
  • Reporting on security status to the community and to other leaders within the community
  • Defining goals for security
    • Appropriate logging and notification of security issues
    • Response time to security issues
  • No labels