Supply Chain Security Specialist

Core Responsibilities

• Define and own enterprise software supply chain security strategy, roadmap, and governance
• Establish policies and guardrails for SBOM, artifact signing, provenance, and dependency usage
• Embed security controls across SDLC, CI/CD pipelines, and artifact repositories
• Implement and enforce SBOM generation, validation, and artifact integrity controls
• Collaborate with stakeholders and lead risk-based vulnerability management for open-source and third-party components
• Collaborate with stakeholders and define remediation workflows, SLAs, and exception handling for supply chain risks
• Own tooling strategy for SCA, container scanning, and supply chain security automation
• Integrate and optimize security tooling within CI/CD for scalable enforcement
• Maintain inventory and visibility of dependencies, SBOMs, and third-/fourth-party exposure
• Partner with AppSec, DevSecOps, and platform teams to drive secure development adoption
• Enable developers via playbooks, guardrails, and self-service secure consumption patterns
• Define metrics and report on supply chain risk posture, remediation effectiveness, and maturity

• Experience with AI/ML pipeline security
• Exposure to AIBOM / advanced SBOM evolution
• Knowledge of zero-trust supply chain models

• Minimum of five years related work experience.
• Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.
• 7-10+ years in AppSec / DevSecOps / platform security
• Hands-on experience with SCA + pipeline security
• Certifications preferred (CISSP, CSSLP, AAISM or equivalent etc.)
• Programming/scripting (Python, Java, YAML)