Make Your Resume Now

AI-Powered OSS Supply Chain Security Intern

Thenielsencompany
United States
Posted April 16, 2026
Full-time Not Applicable

Job Overview

As our company leverages Open Source Software (OSS) to innovate, the attack surface has shifted toward the software supply chain. We are seeking a technically adept intern to revolutionize how we manage OSS risk. You will assess our GitLab repositories to build a management infrastructure that identifies OSS packages that have the most impact on the production stack.

A key focus of this role is identifying the emerging landscape of AI-based reports on OSS findings (such as Anthropic Mythos-class AI) and identifying which of our OSS dependencies are most susceptible to these new attack vectors.

Key Responsibilities

  • GitLab Repository Analysis: Programmatically scan GitLab repositories to inventory all OSS libraries, frameworks, and dependencies.

  • Usage Verification (Dead Code Identification): Utilize "In Use Analysis" techniques to determine if a vulnerable library is actually called by the application in a production environment, filtering out the "70% noise" of unused code.

  • Threat Intelligence Integration: Auto generate threat intel reports that monitor industry reports (CISA, OWASP, Snyk, etc.) for AI-driven threats identifying new OSS stack vulnerabilities not yet assigned CVSS scores.

  • Infrastructure Automation: Design a sustainable workflow (via GitLab CI/CD or custom scripts) that alerts the security team when a high-risk OSS component is introduced or when a new AI-based exploit is reported for an existing OSS package.

  • Prioritization Engine: Develop a scoring rubric to rank OSS tools for remediation based on production usage, business criticality, and susceptibility to AI-enhanced exploits.

The Deliverable

The final product of this internship is the OSS Resilience Management Framework. This must include:

  1. The "Active Stack" Inventory: A filtered list of OSS libraries that are verified as active in production environments.

  2. AI Threat Heatmap: A report identifying the top 30 OSS tools in our stack that are most vulnerable to emerging AI-based attack patterns.

  3. Automated Scanning Pipeline: A GitLab-integrated script or runner that performs periodic "in use" checks and cross-references them against new threat intel. 

  4. Remediation Roadmap: A prioritized "Hit List" of the first five OSS libraries that require immediate version upgrades or replacement.

Examples of Technical Tasks

  • Dependency Graphing: Using GitLab APIs to map how a library like Log4j or NumPy is nested within multiple internal projects.

  • Call Graph Analysis: Running basic static analysis (SAST) to see if a specific vulnerable function within a library is actually being imported and executed.

  • Automated Threat Feeds: Writing a script to scrape or API-query vulnerability databases for keywords related to "AI-generated exploits" or "LLM-based supply chain attacks."

Ready to Apply?

Take the next step in your career journey

Apply Show More Jobs

Stand out with a professional resume tailored for this role

Build Your Resume – It’s Free!