Software Supply Chain Security Engineer (AI & Data Systems)

We are looking for a senior engineer who can apply AI, data analysis, and automation to secure the software supply chain. This is not a "train a model" research role — it's a practical, hands-on position where you'll use LLMs, analytics, and automation to detect risks, prioritize fixes, and harden systems ranging from container images to package dependencies. You will turn messy vulnerability and SBOM data into clear, actionable security improvements.

Responsibilities :

• Develop and automate SBOM workflows using open-source and commercial tools (e.g., Syft, Grype, CycloneDX, Dependency-Track).
• Design and integrate LLM-driven solutions for vulnerability detection, CVE classification, and intelligent remediation recommendations.
• Build automated pipelines for continuous ingestion, enrichment, and correlation of CVE and NVD data with internal dependency graphs.
• Implement AI-assisted triage and prioritization logic for vulnerabilities based on context (CVSS, exploitability, package exposure, and runtime telemetry).
• Integrate vulnerability scanning results into CI / CD pipelines and security dashboards (e.g., GitHub Actions, Jenkins, GitLab CI, Jira, ServiceNow).
• Collaborate with security and development teams to automate root cause analysis and recommend mitigation paths using LLMs or knowledge graph–based systems.
• Develop data pipelines and APIs to connect SBOM data, CVE feeds, and vulnerability databases for real-time updates.
• Apply AI / ML techniques to prioritize vulnerabilities, suggest fixes, and detect high-risk patterns across large dependency sets.
• Automate ingestion and normalization of advisories, scanner output, and vendor data for security decision-making.
• Experiment with LLMs to reduce manual triage, generate draft remediation guidance, and summarize vendor notices.
• Provide data-driven recommendations for securing containers, AMIs, ISOs, packages, and third-party dependencies.
• Develop dashboards and metrics (e.g., risk scores, patch coverage, remediation timelines) for engineering and leadership.
• Document workflows and enable other teams to use AI / automation in supply chain security.
• Research and evaluate emerging AI and automation frameworks for software supply chain and vulnerability management.

Qualifications :

Nice to Have :