Supply Chain Security Engineer

Salário mediano: $135,000 USD · BLS 2024Aproximadamente R$675,000 ao câmbio atual, antes de IR e INSS. Seu banco aplicará o câmbio real em qualquer transação internacional.

A supply-chain security engineer owns the integrity of every artifact that ships into production: the npm packages, the container base images, the CI/CD plugins, the third-party libraries pulled at build time, and the binaries the operations team installs. The discipline matured after SolarWinds, Codecov, log4j, and the 2024 xz-utils backdoor, and the practical anchors are now NIST SP 800-218 SSDF (Souppaya, Scarfone, Dodson, 2022), CISA's Secure Software Self-Attestation Common Form, and the SLSA framework v1.0 from the Open Source Security Foundation. You implement SBOM generation at every build step, you wire signature verification into deployment gates, you maintain a known-bad inventory the security team can query, and you rehearse the response when a transitive dependency turns out to be malicious. The job rewards methodical inventory discipline and the willingness to argue with developers about a dependency they swear they need.