Core Responsibilities

• Serve as the technical lead and subject matter expert for Software Composition Analysis (SCA), partnering closely with the AppSec team lead and manager to execute strategy and roadmap for open-source and dependency security across the SDLC.
• Lead the design, configuration, and continuous optimization of SCA tooling, including policy definition, risk and reachability tuning, and CI/CD integration at scale.
• Drive risk-based vulnerability management for open-source dependencies, providing guidance on prioritization, remediation approaches, and risk acceptance decisions.
• Define and maintain standards, guardrails, and best practices for open-source usage, including approved dependency policies, vulnerability thresholds, and exception workflows.
• Act as the primary point of contact for SCA, collaborating with application teams, platform teams, App Sec peers, and other security stakeholders to ensure alignment and effective execution.
• Participate in an on-call rotation to support application security tooling, assist developers, and respond to security threat events when required.
• Champion a developer-first experience by improving signal quality, reducing noise, and delivering clear, actionable remediation guidance aligned with engineering workflows.
• Identify, design, and implement automation and process improvements to enhance dependency visibility, response times, and program scalability.
• Define, track, and communicate key metrics and insights related to open-source risk, remediation effectiveness, and SCA program maturity to stakeholders and leadership.
• Provide technical leadership and mentorship to App Sec engineers and development teams on secure dependency management and emerging open-source risks.
• Maintain comprehensive documentation for SCA technologies, processes, and standards; stay current on industry trends, tooling, and open-source security threats.
• Participate in strategic initiatives and cross-functional efforts to advance the broader Application Security program.
  
  
  

Qualifications

• Bachelor’s degree in a related field or equivalent experience
• Hands-on experience deploying and operating SCA/SAST tools, including onboarding, auth setup, and CI/CD integration
• Experience with additional AppSec tools (Secret Scanning, IAST, DAST, etc.)
• Strong understanding of modern application development and delivery (IDEs, repos, CI/CD, cloud, containers, serverless)
• Working knowledge of NIST, OWASP, and MITRE frameworks
• AppSec, DevSecOps, cloud, or development certifications a plus
  
  
  

Special Factors

Sponsorship

Vanguard is offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.