Application Security Engineering Manager at Vanguard

Malvern, Pennsylvania, United States

Apply Now

Not SpecifiedCompensation

Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level

Full TimeJob Type

UnknownVisa

Financial ServicesIndustries

Requirements

Bachelor’s degree in Computer Science, Engineering, or related field
7+ years of professional experience in Security Management or Application Security
Proven people leadership experience in Application Security Engineering
Hands-on experience with application development (Java, Python, etc.)
Deep expertise in application security methodologies such as SAST, DAST, SCA, etc
Strong understanding of Secure SDLC, application security engineering, and AWS cloud
Strong experience with application development (Java, Python, etc.)
Familiarity with industry frameworks: OWASP, NIST SSDF
Ability to work independently and define strategic direction
Excellent communication, leadership, and stakeholder management skills
Certifications such as CISSP, CISM, CSSLP, or equivalent are preferred

Responsibilities

Set high-level strategy and direction for scanning orchestration and operational practices, while establishing clear expectations, goals, and success metrics
Lead and mentor a global team of application security engineers to build and efficiently manage scanning orchestration platform to identify security vulnerabilities
Collaborate with Vanguard development teams and stakeholders to integrate security tools, standards, and processes into the Secure Software Development Lifecycle (SSDLC)
Implement and manage security tools within CI/CD pipelines to automate vulnerability detection and remediation
Work closely with Application security teams and leadership to bring application security scanning close to developers to enhance developer experience and reduce risk
Continuously evaluate Vanguard’s application security scanning requirements, propose solutions, and work with leadership to bridge those gaps
Define and implement strategy to achieve 100% application code scanning to detect security vulnerabilities
Act as an industry expert in application security engineering practices and standards and guide the team to mature the Application Security program
Identify opportunities to automate Application Security Scanning processes and guide the team to improve efficiency and achieve scalability
Deploy application security tools, processes, and documentation to support alignment with OWASP Top 10, Industry Standards, Current Events, and Best-Practices
Create and maintain documentation for integrated security processes, controls, and incident response playbooks
Develop and maintain a technical roadmap for security tooling and controls to stay ahead of evolving threats
Translate technical security strategies into business-aligned objectives for product and executive leadership
Establish a governance framework to benchmark program maturity and team performance
Stay current on emerging threats, including adversarial ML risks, and lead knowledge-sharing sessions across the organization
Help and guide the AppSec Engineering team towards technology initiatives such as AI/ML scanning, software-supply-chain, Unified Vulnerability Management platform, etc

Skills

Application Security

Scanning Orchestration

CI/CD Pipelines

SSDLC

OWASP Top 10

Vulnerability Detection

Security Automation

Incident Response

Vanguard

Client-owned investment management firm offering low-cost funds

About Vanguard

Vanguard provides financial services with a focus on investment management. The company offers a variety of products, including mutual funds, exchange-traded funds (ETFs), individual retirement accounts (IRAs), and 401k rollovers, aimed at individual investors, financial advisors, and institutions. Vanguard's unique ownership structure means it is owned by its funds, which are in turn owned by the clients, allowing it to prioritize the needs of its investors over external shareholders. This model enables Vanguard to offer low-cost investment options, as it primarily earns revenue through management fees that are generally lower than industry standards. Additionally, Vanguard provides personalized investment advisory services, charging fees based on the assets managed. The company's goal is to help clients grow their wealth and achieve their financial objectives through effective investment strategies, while maintaining a competitive performance track record.

Kline Township, PennsylvaniaHeadquarters

1975Year Founded

SECONDARYCompany Stage

Fintech, Financial ServicesIndustries

10,001+Employees

Benefits

Best-in-class medical, dental & vision coverage

Onsite health clinic & fitness center

Health Smart Rewards program

Vanguard Retirement Savings Plan

Education Benefits

PTO

Family Planning Benefist

Parental leave

Personal development opportunities

Volunteer Time Off

Risks

Competition from AI-driven platforms like Writer challenges Vanguard's traditional advisory services.

Vanguard's stake in Steelcase exposes it to the volatile furniture market.

New active bond ETFs may struggle in a low-yield environment with increasing competition.

Differentiation

Vanguard is client-owned, aligning its interests with investors, unlike traditional firms.

The firm offers low-cost investment products, making it attractive to cost-conscious investors.

Vanguard's ownership structure allows it to focus on long-term investor value.

Upsides

Vanguard's new active bond ETFs offer diversified, low-cost fixed income options.

The acquisition of Steelcase shares diversifies Vanguard's portfolio into the furniture industry.

Launching the International Dividend Growth Fund appeals to investors seeking sustainable dividend growth.

Land your dream remote job 3x faster with AI

Try Jobo Free