Job Description
About the position At Vanguard, we don't just have a mission—we're on a mission. To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best. How We Work Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience. Responsibilities • Secure the software development lifecycle (SDLC) by applying application development, deployment, and security expertise. • Operate, configure, and continuously improve application security tooling, with a primary focus on SAST and SCA, including policy tuning and integration into CI/CD pipelines. • Identify, analyze, and triage application security vulnerabilities; apply risk-based prioritization and work with engineering teams to drive timely remediation. • Collaborate with App Sec engineers and peer security teams to ensure consistent implementation, coverage, and alignment of application security tools, standards, and processes. • Champion a low-friction developer experience by streamlining scan workflows, reducing false positives, and providing clear, actionable feedback. • Participate in an on-call rotation to support application security tooling, assist developers, and respond to security threat events when required. • Identify and implement opportunities to automate application security processes to improve scalability, efficiency, and coverage. • Gather and report meaningful metrics to measure vulnerability trends, tool effectiveness, and application security program maturity. • Develop and maintain documentation for application security technologies, processes, and standards. • Provide guidance and training to development and cloud engineering teams on secure coding, dependency management, and deployment best practices. • Stay current on application security trends, tools, and standards, and contribute to continuous improvement of the AppSec program. • Participate in special projects and perform other duties as assigned. Requirements • Minimum of five years related work experience. • Undergraduate degree in a related field or the equivalent combination of training and experience.