Canary Wharfian - Online Investment Banking & Finance Community.

DevSecOps Tech Lead

Experienced
No visa sponsorship

at Vanguard

Asset Management

Posted 11 days ago


**Senior DevSecOps Tech Lead needed for secure SDLC at Vanguard.** Orchestrate security strategy, implement tech controls, and collaborate with developers. Key responsibilities include leading enterprise-wide SCA, managing third-party dependencies, enforcing security policies, and integrating security tools into CI/CD pipelines. Relevant qualifications span SCA/SAST tool experience, modern app development expertise, and familiarity with industry standards (NIST, OWASP).

Compensation
Not specified USD

Currency: $ (USD)

City
Not specified
Country
United States

Full Job Description

The DevSecOps team is responsible for the solutions and processes that secure Vanguard applications and operations. As a DevSecOps Tech Lead, you will play a pivotal role in ensuring the security and compliance of the Vanguard software development lifecycle (SDLC). You will help develop strategy, implement new technology, maintain technical controls, assess vulnerabilities, and collaborate with developers to ensure that the proper guardrails are in place to enable the continuous and secure delivery of applications.

Core Responsibilities

  • Lead the design and execution of enterprise-wide Software Composition Analysis (SCA) and software supply chain security strategy across all applications and platforms.

  • Own end-to-end open-source risk management, including vulnerability detection, prioritization, and remediation of third-party dependencies.

  • Define and enforce security policies aligned with industry standards such as OWASP and NIST (SSDF), ensuring secure software development practices.

  • Integrate SCA tooling into CI/CD pipelines and developer workflows to enable automated, shift-left security controls.

  • Drive implementation and adoption of Software Bill of Materials (SBOM) standards (e.g., CycloneDX, SPDX) for full dependency visibility.

  • Secure the software supply chain by implementing controls for artifact integrity, provenance, and signed builds, aligned with OpenSSF frameworks (e.g., SLSA).

  • Lead response and mitigation efforts for critical supply chain vulnerabilities (e.g., zero-day dependency risks), ensuring rapid impact analysis and remediation.

  • Establish governance over artifact repositories and package registries, enforcing version control, trusted sources, and secure publishing practices.

  • Define and track key security metrics (e.g., vulnerability MTTR, coverage, policy compliance) and present insights to senior leadership.

  • Mentor a team of security engineers while partnering with engineering, DevOps, and product teams to drive scalable, developer-friendly security solutions.

Qualifications

  • Bachelor's degree in a related field or equivalent experience

  • Hands-on experience deploying and operating SCA/SAST tools, including onboarding, auth setup, and CI/CD integration

  • Experience with additional AppSec tools (Secret Scanning, IAST, DAST, etc.)

  • Strong understanding of modern application development and delivery (IDEs, repos, CI/CD, cloud, containers, serverless)

  • Working knowledge of NIST, OWASP, and MITRE frameworks

  • AppSec, DevSecOps, cloud, or development certifications a plus

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission; we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.
