Required
About the Lab
We managesthe software supply chain for 80% of the Fortune 100 - packages, container images, ML models, agent skills, MCP servers, and AI-generated code. The rules are changing fast, and we need someone who can build the next generation of tools to manage, govern, and secure it all.
Our CTO Lab is a small, senior team building what comes next. We sit across the entire platform - Artifactory, Xray, Curation, AppTrust, ML, AI Catalog, Fly, Runtime, Distribution - and our job is to figure out how AI changes all of it. We run focused experiments, prototype fast, demo often, and grow what works into products alongside our product and engineering groups.
This role has two modes. In Build mode, you'll work across the full breadth of the platform - from artifact management and security to ML lifecycle and developer experience. In Scout mode, you'll be our antenna - evaluating new AI frameworks as they drop, scanning for emerging patterns in agentic AI, supply chain attacks, and developer tooling, and feeding evidence into our strategic decisions.
As a CTO Lab Architect you will build:
AI-powered supply chain intelligence - LLM systems that reason over artifacts, dependencies, and release signals to move past static block/allow rules toward decisions a senior engineer would make.
Agent systems and governance - build and secure AI agents that operate against registries, pipelines, and deployment systems. Extend our controls to the AI artifact stack we ship today - MCP Registry, Agent Skills Registry, AI Catalog - and design the next generation of governance models.
AI woven across the platform - versioning, security, and provenance for AI artifacts, and capabilities that make developers faster wherever speed, trust, or judgment can be amplified.
Evaluation and measurement - benchmarks and pipelines that prove AI-powered approaches actually outperform traditional ones. Data beats opinions.
Technology scouting and signal analysis - evaluate new AI frameworks and security innovations as they emerge. Concise assessments of what's real, what's hype, and what it means for us.
Requirements: Must Have
7+ years building distributed systems (or equivalent depth) - you've shipped production software, not just prototypes.
Hands-on with AI/ML systems -you've built something real with LLMs, embeddings, RAG, or agent frameworks (LangGraph, LangChain, Claude API, OpenAI API, or similar). You understand prompt engineering, context windows, token economics, evaluation, and failure modes.
Strong coding in Python and/or Go - clean, fast working code. Prototypes that demo, with a clear sense of where shipping begins.
Judgment under ambiguity - you can take a hard, open question and come back with a working prototype and data. You'll kill your own project when the evidence says it doesn't work, and you'll be proud of what you learned.
Strong Advantage:
Experience building AI agent systems - tool use, function calling, MCP, multi-step reasoning, sandboxing, and the security/governance of giving agents access to real infrastructure
Hands-on with MLOps or ML model management - model registries, versioning, serving, monitoring, or security scanning
Background in DevSecOps, supply chain security, or compliance - SBOMs, Sigstore, SLSA, OPA/Rego, DORA, FedRAMP, or package ecosystem internals (npm, PyPI, Maven, Go modules, Docker)
Familiarity with our platform (Artifactory, Xray, Curation, AI Catalog, ML, CLI)
Prior work in a research lab, innovation team, or early-stage startup where you built zero-to-one.
This position is open to all candidates.