Job Description

The Application Security team is responsible for the solutions and processes that secure Vanguard applications and operations. As an Application Security Engineering Manager, you will play a pivotal role in defining the strategy and ensuring the security and compliance of the Vanguard software development lifecycle (SDLC). You will lead a team of engineers and define the strategy and lead the life cycle of application security orchestration solution to integrate with enterprise pipelines and application security tools such as SAST, Open-Source Vulnerability Scanning, Cloud application scanning, Runtime Scanning, etc. You'll collaborate with cybersecurity experts, development teams, and business leaders to integrate security into the software development lifecycle (SSDLC), reduce developer friction, and drive measurable improvements in secure coding practices. This Hybrid role is based (in office Tues-Wed-Thurs) can be based in Charlotte, NC, Dallas, TX, or Malvern, PA

Responsibilities:

The Application Security Engineering Manager must set high-level strategy and direction for scanning orchestration and operational practices, while establishing clear expectations, goals, and success metrics. Lead and mentor a global team of application security engineers to build and efficiently manage scanning orchestration platform to efficiently identify security vulnerabilities. Collaborate with Vanguard development teams and stakeholders to integrate security tools, standards, and processes into the Secure Software Development Lifecycle (SSDLC). Implement and manage security tools within CI/CD pipelines to automate vulnerability detection and remediation. Works closely with Application security teams and leadership to bring application security scanning close to developers to enhance developer experience and reduce risk for the organization. Continuously evaluates the Vanguard's application security scanning requirements, propose solutions, and work with leadership to bridge those gaps to protect Vanguard applications. Define an implement strategy to achieve 100% application code scanning to detect security vulnerabilities. Acts as an industry expert in application security engineering practices and standards and guide the team to mature the Application Security program. Identify the opportunities to automate the Application Security Scanning processes and guide the team to improve efficiency and achieve scalability. Deploy application security tools, processes, and documentation to support alignment with OWASP Top 10, Industry Standards, Current Events, and Best-Practices. Create and maintain documentation for integrated security processes, controls, and incident response playbooks. Develop and maintain a technical roadmap for security tooling and controls to stay ahead of evolving threats. Translate technical security strategies into business-aligned objectives for product and executive leadership. Establish a governance framework to benchmark program maturity and team performance. Stay current on emerging threats, including adversarial ML risks, and lead knowledge-sharing sessions across the organization. Help and guides the AppSec Engineering team towards the technology initiatives such as AI/ML scanning, software-supply-chain, Unified Vulnerability Management platform, etc.

Qualifications

Bachelor's degree in Computer Science, Engineering, or related field; 7+ years of professional experience in Security Management, Application Security, Proven people leadership experience in Application Security Engineering. Hands-on experience with application development (Java, Python, etc.) Deep expertise in application security methodologies such as SAST, DAST, SCA, etc.

Desired Skills

Strong understanding of Secure SDLC, application security engineering, and AWS cloud. Strong experience with application development (Java, Python, etc.) Familiarity with industry frameworks: OWASP, NIST SSDF. Ability to work independently and define strategic direction. Excellent communication, leadership, and stakeholder management skills. Certifications such as CISSP, CISM, CSSLP, or equivalent are preferred.

Special Factors

Sponsorship

Vanguard is offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission--we're on a mission.


To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.