Manager, Application Security Engineering

The Application Security team is responsible for the solutions and processes that secure Vanguard applications and operations. As an Application Security Engineering Manager, you will play a pivotal role in defining the strategy and ensuring the security and compliance of the Vanguard software development lifecycle (SDLC).

You will lead a team of engineers and define the strategy and lead the life cycle of application security orchestration solution to integrate with enterprise pipelines and application security tools such as SAST, Open-Source Vulnerability Scanning, Cloud application scanning, Runtime Scanning, etc. You'll collaborate with cybersecurity experts, development teams, and business leaders to integrate security into the software development lifecycle (SSDLC), reduce developer friction, and drive measurable improvements in secure coding practices

.

**This Hybrid role (in office Tues-Wed-Thurs) can be based in either Charlotte, NC, Dallas, TX, or Malvern, PA (HQ)

****

Responsibilit**

• iesThe Application Security Engineering Manager must set high-level strategy and direction for scanning orchestration and operational practices, while establishing clear expectations, goals, and success metri
• cs.Lead and mentor a global team of application security engineers to build and efficiently manage scanning orchestration platform to efficiently identify security vulnerabiliti
• es.Collaborate with Vanguard development teams and stakeholders to integrate security tools, standards, and processes into the Secure Software Development Lifecycle (SSDL
• C).Implement and manage security tools within CI/CD pipelines to automate vulnerability detection and remediati
• on.Works closely with Application security teams and leadership to bring application security scanning close to developers to enhance developer experience and reduce risk for the organizati
• on.Continuously evaluates the Vanguard's application security scanning requirements, propose solutions, and work with leadership to bridge those gaps to protect Vanguard applicatio
• ns.Define an implement strategy to achieve 100% application code scanning to detect security vulnerabiliti
• es.Acts as an industry expert in application security engineering practices and standards and guide the team to mature the Application Security progr
• am.Identify the opportunities to automate the Application Security Scanning processes and guide the team to improve efficiency and achieve scalabili
• ty.Deploy application security tools, processes, and documentation to support alignment with OWASP Top 10, Industry Standards, Current Events, and Best-Practic
• es.Create and maintain documentation for integrated security processes, controls, and incident response playboo
• ks.Develop and maintain a technical roadmap for security tooling and controls to stay ahead of evolving threa
• ts.Translate technical security strategies into business-aligned objectives for product and executive leadersh
• ip.Establish a governance framework to benchmark program maturity and team performan
• ce.Stay current on emerging threats, including adversarial ML risks, and lead knowledge-sharing sessions across the organizati
• on.Help and guides the AppSec Engineering team towards the technology initiatives such as AI/ML scanning, software-supply-chain, Unified Vulnerability Management platform, e

**tc.

Qualificat**

• ionsBachelor's degree in Computer Science, Engineering, or related fi
• eld;7+ years of professional experience in Security Management, Application Secur
• ity,Proven people leadership experience in Application Security Engineer
• ing.Hands-on experience with application development (Java, Python, e
• tc.)Deep expertise in application security methodologies such as SAST, DAST, SCA,

**etc.

Desired S**

• killsStrong understanding of Secure SDLC, application security engineering, and AWS c
• loud.Strong experience with application development (Java, Python,
• etc.)Familiarity with industry frameworks: OWASP, NIST
• SSDF.Ability to work independently and define strategic direc
• tion.Excellent communication, leadership, and stakeholder management sk
• ills.Certifications such as CISSP, CISM, CSSLP, or equivalent are prefe

rred.