Core Responsibilities
Lead the design and execution of enterprise-wide Software Composition Analysis (SCA) and software supply chain security strategy across all applications and platforms.
Own end-to-end open-source risk management, including vulnerability detection, prioritization, and remediation of third-party dependencies.
Define and enforce security policies aligned with industry standards such as OWASP and NIST (SSDF), ensuring secure software development practices.
Integrate SCA tooling into CI/CD pipelines and developer workflows to enable automated, shift-left security controls.
Drive implementation and adoption of Software Bill of Materials (SBOM) standards (e.g., Cyclone,DX, SPDX) for full dependency visibility.
Secure the software supply chain by implementing controls for artifact integrity, provenance, and signed builds, aligned with OpenSSF frameworks (e.g., SLSA).
Lead response and mitigation efforts for critical supply chain vulnerabilities (e.g., zero-day dependency risks), ensuring rapid impact analysis and remediation.
Establish governance over artifact repositories and package registries, enforcing version control, trusted sources, and secure publishing practices.
Define and track key security metrics (e.g., vulnerability MTTR, coverage, policy compliance) and present insights to senior leadership.
Mentor a team of security engineers while partnering with engineering, DevOps, and product teams to drive scalable, developer-friendly security solutions.
Qualifications
Bachelor’s degree in a related field or equivalent experience
Hands-on experience deploying and operating SCA/SAST tools, including onboarding, auth setup, and CI/CD integration
Experience with additional AppSec tools (Secret Scanning, IAST, DAST, etc.)
Strong understanding of modern application development and delivery (IDEs, repos, CI/CD, cloud, containers, serverless)
Working knowledge of NIST, OWASP, and MITRE frameworks
AppSec, DevSecOps, cloud, or development certifications a plus
Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.About Vanguard
At Vanguard, we don't just have a mission—we're on a mission.
To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.
Vanguard Charlotte, North Carolina, USA Office
Two North Falls Plaza, Charlotte, NC, United States, 28217
Similar Jobs
What you need to know about the Charlotte Tech Scene
Key Facts About Charlotte Tech
- Number of Tech Workers: 90,859; 6.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lowe’s, Bank of America, TIAA, Microsoft, Honeywell
- Key Industries: Fintech, artificial intelligence, cybersecurity, cloud computing, e-commerce
- Funding Landscape: $3.1 billion in venture capital funding in 2024 (CED)
- Notable Investors: Microsoft, Google, Falfurrias Management Partners, RevTech Labs Foundation
- Research Centers and Universities: University of North Carolina at Charlotte, Northeastern University, North Carolina Research Campus
