Oteemo is looking for an engineer to apply AI, data analysis, and automation to secure the software supply chain by detecting risks, prioritizing fixes, and hardening systems.
Requirements
- Proficiency with AI/ML or data science tools (Python, Pandas, or similar).
- Experience using LLMs for workflow automation, data analysis, or summarization.
- Solid understanding of software supply chain security concepts (containers, packages, SBOMs, vulnerability management).
- Hands-on experience with vulnerability scanners and SBOM tools (Trivy, Grype, Syft, Anchore).
- Strong data wrangling skills — building scripts or automations to process vulnerability and SBOM datasets.
- Familiarity with supply chain security frameworks (SLSA, NIST 800-218, CIS Benchmarks).
- Experience with cloud-native security tooling (Docker Scout, Snyk, GUAC).
Responsibilities
- Build and optimize pipelines that use SBOMs, CVE data, and AI/ML to assess and harden software components.
- Apply AI/ML techniques to prioritize vulnerabilities, suggest fixes, and detect high-risk patterns across large dependency sets.
- Automate ingestion and normalization of advisories, scanner output, and vendor data for security decision-making.
- Experiment with LLMs to reduce manual triage, generate draft remediation guidance, and summarize vendor notices.
- Provide data-driven recommendations for securing containers, AMIs, ISOs, packages, and third-party dependencies.
- Develop dashboards and metrics (e.g., risk scores, patch coverage, remediation timelines) for engineering and leadership.
- Document workflows and enable other teams to use AI/automation in supply chain security.
Other
- DoD clearance eligibility.
- Clear communication skills to explain AI-driven findings to engineering, security, and compliance audiences.
- Active Secret or Top Secret Clearance.
- Exposure to compliance or vendor risk management.
- Contributions to open source supply chain security or data automation projects.