Job Description

We are seeking a strategic and technically proficient Manager of Threat Modeling to lead a team focused on proactively identifying and mitigating security risks across enterprise systems and architectures. This role is critical in shaping secure design practices and embedding threat modeling into the software development lifecycle and infrastructure planning. This Hybrid role (in office Tues-Wed-Thurs) can be based in either Dallas, TX, Charlotte, NC, or Malvern, PA

Core Responsibilities

Lead Threat Modeling Initiatives:

Oversee the development and execution of threat modeling activities across applications, platforms, and infrastructure to identify potential vulnerabilities and recommend mitigations early in the design phase.

Security Architecture Review:

Guide the team in conducting comprehensive security assessments of new and existing assets, ensuring alignment with organizational security standards and industry best practices.

Tooling and Process Development:

Provide senior technical expertise in the selection, implementation, and continuous improvement of threat modeling tools, frameworks, and methodologies.

Cross-Functional Collaboration:

Partner with engineering, architecture, and product teams to integrate threat modeling into agile and DevSecOps workflows, promoting a culture of secure design.

Risk Analysis and Reporting:

Translate technical findings into actionable insights for stakeholders, and contribute to risk management strategies by prioritizing threats based on impact and likelihood.

Contingency Planning Support:

Collaborate with business continuity and incident response teams to ensure threat modeling informs contingency plans for critical systems and services.

Qualifications

Minimum five years related work experience with three years experience in IT security or application development. Supervisory experience preferred. Undergraduate degree in related field or equivalent combination of training and experience. Proven experience of threat modeling, security, or application security Strong understanding of threat modeling frameworks (e.g., STRIDE, PASTA) Excellent leadership and communication skills Preferred security certification such as ISC2 CISSP, GIAC Security, Essentials Certification (GSEC), GIAC Penetration Tester Certification (GPEN), GIAC Web App Pen Tester (GWPN), or Certified Ethical Hacker (CEH)

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission--we're on a mission.


To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.