AI-Powered OSS Supply Chain Security Intern

Nielsen, we are passionate about our work to power a better media future for all people by providing powerful insights that drive client decisions and deliver extraordinary results. Our talented, global workforce is dedicated to capturing audience engagement with content - wherever and whenever it’s consumed. Together, we are proudly rooted in our deep legacy as we stand at the forefront of the media revolution. When you join Nielsen, you will join a dynamic team committed to excellence, perseverance, and the ambition to make an impact together. We champion you, because when you succeed, we do too. We enable your best to power our future.

As our company leverages Open Source Software (OSS) to innovate, the attack surface has shifted toward the software supply chain. We are seeking a technically adept intern to revolutionize how we manage OSS risk. You will assess our GitLab repositories to build a management infrastructure that identifies OSS packages that have the most impact on the production stack.

A key focus of this role is identifying the emerging landscape of AI-based reports on OSS findings (such as Anthropic Mythos-class AI) and identifying which of our OSS dependencies are most susceptible to these new attack vectors.

Key Responsibilities

• GitLab Repository Analysis: Programmatically scan GitLab repositories to inventory all OSS libraries, frameworks, and dependencies.

• Usage Verification (Dead Code Identification): Utilize "In Use Analysis" techniques to determine if a vulnerable library is actually called by the application in a production environment, filtering out the "70% noise" of unused code.

• Threat Intelligence Integration: Auto generate threat intel reports that monitor industry reports (CISA, OWASP, Snyk, etc.) for AI-driven threats identifying new OSS stack vulnerabilities not yet assigned CVSS scores.

• Infrastructure Automation: Design a sustainable workflow (via GitLab CI/CD or custom scripts) that alerts the security team when a high-risk OSS component is introduced or when a new AI-based exploit is reported for an existing OSS package.

• Prioritization Engine: Develop a scoring rubric to rank OSS tools for remediation based on production usage, business criticality, and susceptibility to AI-enhanced exploits.

The Deliverable

The final product of this internship is the OSS Resilience Management Framework. This must include:

• The "Active Stack" Inventory: A filtered list of OSS libraries that are verified as active in production environments.

• AI Threat Heatmap: A report identifying the top 30 OSS tools in our stack that are most vulnerable to emerging AI-based attack patterns.

• Automated Scanning Pipeline: A GitLab-integrated script or runner that performs periodic "in use" checks and cross-references them against new threat intel. 

• Remediation Roadmap: A prioritized "Hit List" of the first five OSS libraries that require immediate version upgrades or replacement.

Examples of Technical Tasks

• Dependency Graphing: Using GitLab APIs to map how a library like Log4j or NumPy is nested within multiple internal projects.

• Call Graph Analysis: Running basic static analysis (SAST) to see if a specific vulnerable function within a library is actually being imported and executed.

• Automated Threat Feeds: Writing a script to scrape or API-query vulnerability databases for keywords related to "AI-generated exploits" or "LLM-based supply chain attacks."

 

• (Nice to have) Currently pursuing a degree in Software Engineering, Cybersecurity, or Data Science.

• Development Skills: Comfortable reading and navigating multiple languages (Python, Java, or JavaScript/Node.js) and using Git/GitLab.

• Analytical Mindset: Ability to correlate external threat intelligence with internal technical data.

• Automation Familiarity: Understanding of CI/CD pipelines and how to trigger security scans within a development workflow.

Enabling your best to power a better media future.

Holistic Rewards: We are committed to an inclusive benefits package that supports our employees and their families. This includes comprehensive health and wellness plans, a 401(k) with a Nielsen company match, and a generous paid time off policy. Depending on the role, additional benefits may include a company-provided vehicle and/or discretionary incentive/bonus eligibility.

Compensation Transparency: The posted base salary range is a reasonable estimate that  may be adjusted based on the final work location of the selected employee. Individual pay within the range is determined by factors such as experience, training, geography, certifications, and business needs. Beyond base salary, this role may be eligible for bonuses, equity, or other incentives.

Nielsen makes hiring decisions without regard to disability status, protected veteran status, or membership in any other protected class.

Please be aware that job-seekers may be at risk of targeting by scammers seeking personal data or money. Nielsen recruiters will only contact you through official job boards, LinkedIn, or email with a nielsen.com domain. Be cautious of any outreach claiming to be from Nielsen via other messaging platforms or personal email addresses. Always verify that email communications come from an @nielsen.com address. If you're unsure about the authenticity of a job offer or communication, please contact Nielsen directly through our official website or verified social media channels.