The Application Security organization is responsible for the solutions and processes that secure Vanguard applications and operations. The security orchestration team integrates security tooling into the CI/CD pipeline ensuring security coverage and controls across all of the security tools. As a Application Security Specialist, you will play a pivotal role in ensuring the security and compliance of the Vanguard software development lifecycle (SDLC). You will help develop strategy, implement new technology, maintain technical controls, assess vulnerabilities, and collaborate with developers to ensure that the proper guardrails are in place to enable the continuous and secure delivery of applications. The team is collaborative, and all team members are expected to contribute in all aspects that the team needs. You will be expected to participate in technical implementation as well as security assurance.

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.

Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.

Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.

Job Description Summary

The Application Security organization is responsible for the solutions and processes that secure Vanguard applications and operations. The security orchestration team integrates security tooling into the CI/CD pipeline ensuring security coverage and controls across all of the security tools. As a Application Security Specialist, you will play a pivotal role in ensuring the security and compliance of the Vanguard software development lifecycle (SDLC). You will help develop strategy, implement new technology, maintain technical controls, assess vulnerabilities, and collaborate with developers to ensure that the proper guardrails are in place to enable the continuous and secure delivery of applications. The team is collaborative, and all team members are expected to contribute in all aspects that the team needs. You will be expected to participate in technical implementation as well as security assurance.

Duties and Responsibilities

• Play a leading role in defining the vision, strategy, and roadmap for security orchestration, ensuring it evolves to meet enterprise security needs and developer expectations.

• Drive initiatives to achieve maximum scan coverage across repositories, proactively identifying gaps and implementing scalable solutions to close them.

• Develop strategies to secure current and emerging technologies (cloud, containers, serverless, mobile, AI/ML, etc.).

• Champion a frictionless developer experience by streamlining scan workflows and integrating feedback loops to continuously improve usability.

• Partner with the broader security organization to align our security orchestration capabilities with organizational goals, ensuring seamless integration in the CI/CD pipeline.

• Actively participate in epic/story grooming and retrospectives. Contribute to code reviews, complete development stories, and help evolve the team’s technical capabilities through hands-on collaboration and coding.

• Gather and report metrics from application security solutions and processes to provide meaningful insights into the maturity of the Application Security program.

• Stay up to date on application security practices and standards; participate in educational opportunities; read professional publications.

Qualifications

• Undergraduate degree in a related field or equivalent combination of training and experience.

• Experience with well-known application security tools (SAST, SCA, IAST, RASP, etc.)

• Strong knowledge of application development, build, and deployment processes (development, IDEs, repositories, branching, pipelines, cloud, containers, serverless, etc.).

• Strong experience with any modern programming language.

• Familiarity with industry standards such as NIST, OWASP, and MITRE.

• Relevant certifications in application development, security, application security, DevSecOps, or cloud are a plus.

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.