Supply Chain Security Engineer

Salario mediano: $135,000 USD · BLS 2024Aproximadamente $2,363,000 MXN al tipo de cambio actual. Tu banco aplicará el tipo de cambio real al momento de cualquier transacción.

A supply-chain security engineer owns the integrity of every artifact that ships into production: the npm packages, the container base images, the CI/CD plugins, the third-party libraries pulled at build time, and the binaries the operations team installs. The discipline matured after SolarWinds, Codecov, log4j, and the 2024 xz-utils backdoor, and the practical anchors are now NIST SP 800-218 SSDF (Souppaya, Scarfone, Dodson, 2022), CISA's Secure Software Self-Attestation Common Form, and the SLSA framework v1.0 from the Open Source Security Foundation. You implement SBOM generation at every build step, you wire signature verification into deployment gates, you maintain a known-bad inventory the security team can query, and you rehearse the response when a transitive dependency turns out to be malicious. The job rewards methodical inventory discipline and the willingness to argue with developers about a dependency they swear they need.