AI-Powered OSS Supply Chain Security Intern

The Nielsen Company, New York, NY

About The Position

At Nielsen, we are passionate about our work to power a better media future for all people by providing powerful insights that drive client decisions and deliver extraordinary results. Our talented, global workforce is dedicated to capturing audience engagement with content, wherever and whenever it is consumed. Together, we are proudly rooted in our deep legacy as we stand at the forefront of the media revolution. When you join Nielsen, you will join a dynamic team committed to excellence, perseverance, and the ambition to make an impact together. We champion you, because when you succeed, we do too. We enable your best to power our future.

Job Description

As our company leverages Open Source Software (OSS) to innovate, the attack surface has shifted toward the software supply chain. We are seeking a technically adept intern to revolutionize how we manage OSS risk. You will assess our GitLab repositories to build a management infrastructure that identifies the OSS packages with the most impact on the production stack. A key focus of this role is tracking the emerging landscape of AI-generated reports on OSS findings (such as Anthropic Mythos-class AI) and identifying which of our OSS dependencies are most susceptible to these new attack vectors.

Key Responsibilities

  • GitLab Repository Analysis: Programmatically scan GitLab repositories to inventory all OSS libraries, frameworks, and dependencies.
  • Usage Verification (Dead Code Identification): Use "In Use Analysis" techniques to determine whether a vulnerable library is actually called by the application in a production environment, filtering out the "70% noise" of unused code.
  • Threat Intelligence Integration: Auto-generate threat intel reports that monitor industry sources (CISA, OWASP, Snyk, etc.) for AI-driven threats, identifying new OSS stack vulnerabilities not yet assigned CVSS scores.
  • Infrastructure Automation: Design a sustainable workflow (via GitLab CI/CD or custom scripts) that alerts the security team when a high-risk OSS component is introduced or when a new AI-based exploit is reported for an existing OSS package.
  • Prioritization Engine: Develop a scoring rubric to rank OSS tools for remediation based on production usage, business criticality, and susceptibility to AI-enhanced exploits.

The Deliverable

The final product of this internship is the OSS Resilience Management Framework. It must include:

  • The "Active Stack" Inventory: A filtered list of OSS libraries that are verified as active in production environments.
  • AI Threat Heatmap: A report identifying the top 30 OSS tools in our stack that are most vulnerable to emerging AI-based attack patterns.
  • Automated Scanning Pipeline: A GitLab-integrated script or runner that performs periodic "in use" checks and cross-references them against new threat intel.
  • Remediation Roadmap: A prioritized "Hit List" of the first five OSS libraries that require immediate version upgrades or replacement.

Examples of Technical Tasks

  • Dependency Graphing: Using GitLab APIs to map how a library like Log4j or NumPy is nested within multiple internal projects.
  • Call Graph Analysis: Running basic static analysis (SAST) to see whether a specific vulnerable function within a library is actually imported and executed.
  • Automated Threat Feeds: Writing a script to scrape or API-query vulnerability databases for keywords related to "AI-generated exploits" or "LLM-based supply chain attacks."
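The pipeline the posting sketches, shown end to end as an added Python example (this is not Nielsen's code and not a tool the posting names): build the dependency inventory from pinned manifests, cross-reference it with advisories, run an "in use" check that distinguishes a dependency that is merely declared from one that is imported and from one whose vulnerable function is actually called, and rank the results with a rubric weighted by production usage, business criticality and whether an AI-assisted exploit has been reported. Every manifest, source file, package name (`fastparse`, `imgkit`) and advisory below is constructed for the example; the tier map, point values and the `needs_alert` CI gate are assumptions standing in for the rubric the intern would design.

```python
# Added example, not Nielsen's code: manifest inventory -> in-use check -> ranking.
# Every package, version, advisory, manifest and source file below is constructed
# for the example; none refers to a real project or a real vulnerability.
import ast
from collections import namedtuple

# Constructed: one pinned requirements.txt per internal project, as a GitLab
# repository-files scan would collect them.
MANIFESTS = {
    "billing-api": "fastparse==1.2.0\nrequests==2.31.0\nimgkit==0.9.1\n",
    "ad-reporting": "fastparse==1.4.0\nnumpy==1.26.4\n",
    "internal-tools": "imgkit==0.9.1\nfastparse==1.2.0\n",
}
# Constructed application sources per project.
SOURCES = {
    "billing-api": {"app.py": "import fastparse as fp\nfrom imgkit.render import thumbnail\n"
                              "def handle(req):\n    return fp.load_untrusted(req.body)\n"},
    "ad-reporting": {"etl.py": "import fastparse\nimport numpy as np\n"
                               "def run(x):\n    return np.mean(x)\n"},
    "internal-tools": {"cli.py": "from imgkit.render import thumbnail\n"
                                 "def main(p):\n    return thumbnail(p)\n"},
}
# Business criticality tier per project (1 = revenue critical); assumed values.
TIER = {"billing-api": 1, "ad-reporting": 2, "internal-tools": 3}
# Constructed advisories: (package, first fixed version, dotted name of the
# vulnerable sink, whether an AI-assisted exploit has been reported).
ADVISORIES = [
    ("fastparse", (1, 3, 0), "fastparse.load_untrusted", True),
    ("imgkit", (1, 0, 0), "imgkit.render.thumbnail", False),
]
# Scoring rubric (assumed): production usage dominates, weighted by project
# tier, plus a bonus when an AI-assisted exploit is already reported.
USAGE_POINTS = {0: 1, 1: 2, 2: 5}   # declared only / imported only / sink called
TIER_WEIGHT = {1: 3, 2: 2, 3: 1}
AI_EXPLOIT_BONUS = 5
Finding = namedtuple("Finding", "project package version usage score")


def parse_requirements(text):
    """Pinned 'name==x.y.z' lines -> {name: (x, y, z)}; comments and unpinned lines ignored."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" in line:
            name, ver = line.split("==", 1)
            deps[name.strip().lower()] = tuple(int(p) for p in ver.strip().split("."))
    return deps


def _dotted(node):
    """Callee expression 'a.b.c' as a string; None for dynamic callees like f()()."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def usage_level(source, symbol):
    """0 = package not imported, 1 = imported but sink never called, 2 = sink called."""
    tree = ast.parse(source)
    aliases = {}  # local binding -> fully qualified dotted name it refers to
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:  # 'import x.y as z' binds z -> x.y; 'import x.y' binds x -> x
                top = a.name.split(".")[0]
                aliases[a.asname or top] = a.name if a.asname else top
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:  # 'from x.y import f as g' binds g -> x.y.f
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    if not any(t.split(".")[0] == symbol.split(".")[0] for t in aliases.values()):
        return 0
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and (name := _dotted(node.func)):
            head, _, rest = name.partition(".")
            if head in aliases and aliases[head] + ("." + rest if rest else "") == symbol:
                return 2
    return 1


def assess():
    """Cross-reference manifests with advisories, verify usage, rank for remediation."""
    findings = []
    for project, manifest in MANIFESTS.items():
        deps = parse_requirements(manifest)
        for pkg, fixed, symbol, ai_exploit in ADVISORIES:
            ver = deps.get(pkg)
            if ver is None or ver >= fixed:
                continue  # not declared here, or already on a fixed version
            usage = max(usage_level(src, symbol) for src in SOURCES[project].values())
            score = USAGE_POINTS[usage] * TIER_WEIGHT[TIER[project]] + (AI_EXPLOIT_BONUS if ai_exploit else 0)
            findings.append(Finding(project, pkg, ".".join(map(str, ver)), usage, score))
    return sorted(findings, key=lambda f: (-f.score, f.project, f.package))


def needs_alert(findings, threshold=10):
    """CI gate: True when any finding reaches the threshold, so the job can fail and page the team."""
    return any(f.score >= threshold for f in findings)
```

The three-level usage scale is the point of the "in use" check: a vulnerable package that is pinned but never imported, one that is imported but whose vulnerable function is never reached, and one whose sink is called from a request handler are very different remediation priorities, and a flat dependency scan reports all three identically. Two caveats for real use: the AST match only sees direct, statically named calls, so `getattr`, reflection, plugin loading and, above all, transitive use (another dependency calling the vulnerable function on your behalf) are invisible to it, which means a result of 0 or 1 should lower a finding's priority rather than close it; and the version handling here is deliberately minimal, so in a real pipeline parse manifests with a proper version library and pull them through the GitLab repository files API rather than embedding them.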

Nice To Haves

  • Currently pursuing a degree in Software Engineering, Cybersecurity, or Data Science.
  • Development Skills: Comfortable reading and navigating multiple languages (Python, Java, or JavaScript/Node.js) and using Git/GitLab.
  • Analytical Mindset: Ability to correlate external threat intelligence with internal technical data.
  • Automation Familiarity: Understanding of CI/CD pipelines and how to trigger security scans within a development workflow.

Benefits

  • Holistic Rewards: We are committed to an inclusive benefits package that supports our employees and their families. This includes comprehensive health and wellness plans, a 401(k) with a Nielsen company match, and a generous paid time off policy.
  • Depending on the role, additional benefits may include a company-provided vehicle and/or discretionary incentive/bonus eligibility.

What This Job Offers

  • Career Level: Intern
  • Education Level: No Education Listed
  • Number of Employees: 5,001-10,000 employees

© 2024 Teal Labs, Inc