AI/Data Engineer – Software Supply Chain Security

We are looking for an engineer who can apply AI data analysis and automation to secure the software supply chain. This is not a train a model research role its a practical hands-on position where youll use LLMs analytics and automation to detect risks prioritize fixes and harden systems ranging from container images to package dependencies. You will turn messy vulnerability and SBOM data into clear actionable security improvements.

Responsibilities:

• Build and optimize pipelines that use SBOMs CVE data and AI/ML to assess and harden software components.
• Apply AI/ML techniques to prioritize vulnerabilities suggest fixes and detect high-risk patterns across large dependency sets.
• Automate ingestion and normalization of advisories scanner output and vendor data for security decision-making.
• Experiment with LLMs to reduce manual triage generate draft remediation guidance and summarize vendor notices.
• Provide data-driven recommendations for securing containers AMIs ISOs packages and third-party dependencies.
• Develop dashboards and metrics (e.g. risk scores patch coverage remediation timelines) for engineering and leadership.
• Document workflows and enable other teams to use AI/automation in supply chain security.

Qualifications :

• DOD Clearance Eligibility.
• Proficiency with AI/ML or data science tools (Python Pandas or similar).
• Experience using LLMs for workflow automation data analysis or summarization.
• Solid understanding of software supply chain security concepts (containers packages SBOMs vulnerability management).
• Hands-on with scanners and SBOM tools (Trivy Grype Syft Anchore).
• Strong data wrangling skills building scripts or automations to process vulnerability and SBOM datasets.
• Clear communication skills to explain AI-driven findings to engineering security and compliance audiences.

Nice to Have

• Active Secret or Top Secret Clearance.
• Familiarity with supply chain security frameworks (SLSA NIST 800-218 CIS Benchmarks).
• Exposure to compliance or vendor risk management.
• Experience with cloud-native security tooling (Docker Scout Snyk GUAC).
• Contributions to open source supply chain security or data automation projects.

Additional Information :

We Value:

• Drive: Passion and energy to implement quality technical solutions. Self-motivation and intellectual curiosity
• Commitment to Quality: Passion to conceive and produce world-class solutions that drive real-world value for the customer
• Customer Focus: Consultative approach to solving problems for customers. Expectations management.
• Communication: Superior communication skills. Ability to clearly articulate problems solutions risks rewards etc. (written and verbal)
• Technical Skills: Love for technology. You have to be inherently passionate about technology.
• Business Acumen: Technology ultimately is used to enable the business. We look for people who understand how the businesses can be enabled through their technical solutions

What we offer:

• Ability to make a noticeable difference for the organization and our customers
• Tremendous growth opportunity by becoming part of a rapidly growing organization. Its not your tenure but what you can bring to the table that defines how your career will be shaped. You control your growth.
• Complex but interesting challenges to improve the depth and breadth of your technical and business skills. Our consultants are business technologists and understand how technology drives business. 
• Competitive pay and benefits

Oteemo is an equal employment and affirmative action employer. We evaluate qualified applicants on merit and business needs and not on race color religion creed gender sexual orientation national origin ancestry age disability genetic information marital status veteran status or any other factor protected by law. Oteemo complies with the law regarding reasonable accommodations for handicapped and disabled employees.

Remote Work :

No

Employment Type :

Full-time