Manager, Security Engineering
GoFundMeSalary not specified
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
Not SpecifiedCompensation
Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level
Full TimeJob Type
UnknownVisa
Financial ServicesIndustries
Requirements
- Bachelor’s degree in Computer Science, Engineering, or related field
- 7+ years of professional experience in Security Management or Application Security
- Proven people leadership experience in Application Security Engineering
- Hands-on experience with application development (Java, Python, etc.)
- Deep expertise in application security methodologies such as SAST, DAST, SCA, etc
- Strong understanding of Secure SDLC, application security engineering, and AWS cloud
- Strong experience with application development (Java, Python, etc.)
- Familiarity with industry frameworks: OWASP, NIST SSDF
- Ability to work independently and define strategic direction
- Excellent communication, leadership, and stakeholder management skills
- Certifications such as CISSP, CISM, CSSLP, or equivalent are preferred
Responsibilities
- Set high-level strategy and direction for scanning orchestration and operational practices, while establishing clear expectations, goals, and success metrics
- Lead and mentor a global team of application security engineers to build and efficiently manage scanning orchestration platform to identify security vulnerabilities
- Collaborate with Vanguard development teams and stakeholders to integrate security tools, standards, and processes into the Secure Software Development Lifecycle (SSDLC)
- Implement and manage security tools within CI/CD pipelines to automate vulnerability detection and remediation
- Work closely with Application security teams and leadership to bring application security scanning close to developers to enhance developer experience and reduce risk
- Continuously evaluate Vanguard’s application security scanning requirements, propose solutions, and work with leadership to bridge those gaps
- Define and implement strategy to achieve 100% application code scanning to detect security vulnerabilities
- Act as an industry expert in application security engineering practices and standards and guide the team to mature the Application Security program
- Identify opportunities to automate Application Security Scanning processes and guide the team to improve efficiency and achieve scalability
- Deploy application security tools, processes, and documentation to support alignment with OWASP Top 10, Industry Standards, Current Events, and Best-Practices
- Create and maintain documentation for integrated security processes, controls, and incident response playbooks
- Develop and maintain a technical roadmap for security tooling and controls to stay ahead of evolving threats
- Translate technical security strategies into business-aligned objectives for product and executive leadership
- Establish a governance framework to benchmark program maturity and team performance
- Stay current on emerging threats, including adversarial ML risks, and lead knowledge-sharing sessions across the organization
- Help and guide the AppSec Engineering team towards technology initiatives such as AI/ML scanning, software-supply-chain, Unified Vulnerability Management platform, etc
Skills
Key technologies and capabilities for this role
Questions & Answers
Common questions about this position
What qualifications and experience are required for the Application Security Engineering Manager role?
A Bachelor’s degree in Computer Science, Engineering, or related field is required, along with 7+ years of professional experience in Security Management or Application Security, proven people leadership in Application Security Engineering, hands-on experience with application development like Java or Python, and deep expertise in SAST, DAST, SCA.
What are the desired skills for this position?
Desired skills include a strong understanding of Secure SDLC, application security engineering, and AWS cloud, strong experience with application development in Java or Python, and familiarity with industry frameworks like OWASP and NIST SSD.
Is this a remote position, or is there a location requirement?
This information is not specified in the job description.
What is the compensation or salary for this role?
This information is not specified in the job description.
What leadership responsibilities does this role involve?
The role requires leading and mentoring a global team of application security engineers, setting high-level strategy and direction, establishing goals and metrics, and guiding the team on technology initiatives like AI/ML scanning.
Vanguard
Client-owned investment management firm offering low-cost funds
About Vanguard
Vanguard provides financial services with a focus on investment management. The company offers a variety of products, including mutual funds, exchange-traded funds (ETFs), individual retirement accounts (IRAs), and 401k rollovers, aimed at individual investors, financial advisors, and institutions. Vanguard's unique ownership structure means it is owned by its funds, which are in turn owned by the clients, allowing it to prioritize the needs of its investors over external shareholders. This model enables Vanguard to offer low-cost investment options, as it primarily earns revenue through management fees that are generally lower than industry standards. Additionally, Vanguard provides personalized investment advisory services, charging fees based on the assets managed. The company's goal is to help clients grow their wealth and achieve their financial objectives through effective investment strategies, while maintaining a competitive performance track record.
Kline Township, PennsylvaniaHeadquarters
1975Year Founded
SECONDARYCompany Stage
Fintech, Financial ServicesIndustries
10,001+Employees
Benefits
Best-in-class medical, dental & vision coverage
Onsite health clinic & fitness center
Health Smart Rewards program
Vanguard Retirement Savings Plan
Education Benefits
PTO
Family Planning Benefist
Parental leave
Personal development opportunities
Volunteer Time Off
Risks
Competition from AI-driven platforms like Writer challenges Vanguard's traditional advisory services.
Vanguard's stake in Steelcase exposes it to the volatile furniture market.
New active bond ETFs may struggle in a low-yield environment with increasing competition.
Differentiation
Vanguard is client-owned, aligning its interests with investors, unlike traditional firms.
The firm offers low-cost investment products, making it attractive to cost-conscious investors.
Vanguard's ownership structure allows it to focus on long-term investor value.
Upsides
Vanguard's new active bond ETFs offer diversified, low-cost fixed income options.
The acquisition of Steelcase shares diversifies Vanguard's portfolio into the furniture industry.
Launching the International Dividend Growth Fund appeals to investors seeking sustainable dividend growth.
Related Jobs
RemoteRemoteSenior Application Security Engineer
M&T BankSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteEngineering Manager, Application Security - Product Security (Remote)
CrowdstrikeSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteSr. Engineer - Sensor Security Platform (Remote)
CrowdstrikeSalary not specified
RemoteSenior Vulnerability Manager
Keeper SecuritySalary not specified
RemoteSoftware Engineer, CI/CD
VercelSalary not specified
- Full Time
- Junior (1 to 2 years)
RemoteSecurity Program Manager
OpenAISalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)