Manager, Application Security at Vanguard

Charlotte, North Carolina, United States

Compensation: Not Specified
Experience Level: Senior (5 to 8 years), Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Finance

Requirements

  • Bachelor’s degree in Computer Science, Engineering, or related field
  • 7+ years of professional experience in Security Management, Application Security, or ML Security
  • Proven leadership experience in IT Security and governance
  • Hands-on experience with SAST, DAST, SCA tools
  • Familiarity with secure ML lifecycle practices (MLSecOps)
  • Strong understanding of secure SDLC, application security testing, and supply chain security
  • Experience with MLSecOps practices and securing AI/ML pipelines
  • Familiarity with industry frameworks: OWASP SAMM, BSIMM, SLSA, NIST SSDF
  • Experience with cloud platforms (AWS, Azure, GCP) and cloud-native security practices
  • Ability to work independently and define strategic direction without supervision
  • Excellent communication, leadership, and stakeholder management skills
  • Certifications such as CISSP, CISM, CSSLP, or equivalent (preferred)
  • Experience with one or more programming languages such as Python, Java, C#, C++, etc.

Responsibilities

  • Set high-level strategy and direction for secure software development and supply chain practices, while establishing clear expectations, goals, and success metrics
  • Collaborate with cybersecurity experts, technology teams, suppliers, and business leaders to define and enforce controls that protect enterprise assets and critical systems
  • Mentor and lead a global team of application security professionals to implement security tools for dynamic scanning, and to protect the software supply chain, APIs, and AI/ML applications
  • Collaborate with development teams to integrate security tools, standards, and processes into the Secure Software Development Lifecycle (SSDLC)
  • Implement and manage security tools within CI/CD pipelines to automate vulnerability detection and remediation
  • Lead secure software supply chain initiatives including SBOM generation, artifact signing and provenance, and alignment with industry standards
  • Craft and deploy application security tools, processes, and documentation to support alignment with the OWASP Top 10, industry standards, current events, and best practices
  • Define governance procedures and provide strategic recommendations on security policies for secure application and ML model development
  • Partner with platform and product teams to triage and remediate threats and vulnerabilities across web, mobile, backend, and ML systems
  • Create and maintain documentation for integrated security processes, controls, and incident response playbooks
  • Develop and maintain a technical roadmap for security tooling and controls to stay ahead of evolving threats
  • Translate technical security strategies into business-aligned objectives for product and executive leadership
  • Establish a governance framework to benchmark program maturity and team performance
  • Stay current on emerging threats, including adversarial ML risks, and lead knowledge-sharing sessions across the organization

Skills

SSDLC
CI/CD
SBOM
Artifact Signing
Provenance
OWASP Top 10
Dynamic Scanning
API Security
AI/ML Security
Vulnerability Management
Incident Response

Vanguard

Client-owned investment management firm offering low-cost funds

About Vanguard

Vanguard provides financial services with a focus on investment management. The company offers a variety of products, including mutual funds, exchange-traded funds (ETFs), individual retirement accounts (IRAs), and 401k rollovers, aimed at individual investors, financial advisors, and institutions. Vanguard's unique ownership structure means it is owned by its funds, which are in turn owned by the clients, allowing it to prioritize the needs of its investors over external shareholders. This model enables Vanguard to offer low-cost investment options, as it primarily earns revenue through management fees that are generally lower than industry standards. Additionally, Vanguard provides personalized investment advisory services, charging fees based on the assets managed. The company's goal is to help clients grow their wealth and achieve their financial objectives through effective investment strategies, while maintaining a competitive performance track record.

Headquarters: Kline Township, Pennsylvania
Year Founded: 1975
Company Stage: SECONDARY
Industries: Fintech, Financial Services
Employees: 10,001+

Benefits

Best-in-class medical, dental & vision coverage
Onsite health clinic & fitness center
Health Smart Rewards program
Vanguard Retirement Savings Plan
Education Benefits
PTO
Family Planning Benefits
Parental leave
Personal development opportunities
Volunteer Time Off

Risks

Competition from AI-driven platforms like Writer challenges Vanguard's traditional advisory services.
Vanguard's stake in Steelcase exposes it to the volatile furniture market.
New active bond ETFs may struggle in a low-yield environment with increasing competition.

Differentiation

Vanguard is client-owned, aligning its interests with investors, unlike traditional firms.
The firm offers low-cost investment products, making it attractive to cost-conscious investors.
Vanguard's ownership structure allows it to focus on long-term investor value.

Upsides

Vanguard's new active bond ETFs offer diversified, low-cost fixed income options.
The acquisition of Steelcase shares diversifies Vanguard's portfolio into the furniture industry.
Launching the International Dividend Growth Fund appeals to investors seeking sustainable dividend growth.
