Application Security Engineer - Cloud Engineering

Vanguard•Malvern, PA

3d•Hybrid

About The Position

At Vanguard, we don't just have a mission—we're on a mission. To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best. How We Work Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience. Vanguard, one of the world's largest investment management companies, serves individual investors, institutions, employer-sponsored retirement plans, and financial professionals. We have a diverse and talented crew with a culture that promotes teamwork, along with an unwavering focus on serving our clients' best interests. This website uses "cookies" to distinguish you from other users. A cookie is a small file of letters and numbers placed on your computer or device. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site and services. The cookies are stored locally on your computer or mobile device. To accept cookies you can continue browsing as normal. Or you can go to our Privacy Policy to read more information and learn how to change your preferences.

Requirements

Undergraduate degree in a related field or equivalent combination of training and experience.
Strong experience with any modern programming language.
Strong knowledge of application development, build, and deployment processes.
Experience in one or more cloud providers and serverless platforms (preferably AWS).
Experience with well-known application security tools (SAST, SCA, DAST, API, Container scanning, etc).

Nice To Haves

Relevant certifications in application development, security, DevSecOps, or cloud are a plus.

Responsibilities

Design, implement, test, and maintain application security tooling and integrations across the software development lifecycle, with a focus on reliability, scalability, and performance.
Build, enhance, and operate CI/CD pipeline integrations for application security scanning, ensuring consistent execution and minimal impact to developer workflows.
Develop and maintain monitoring, alerting, and operational controls for application security platforms to ensure availability and rapid detection of failures.
Participate in an on-call rotation, troubleshoot and resolve production issues related to application security tooling, perform root cause analysis, and implement preventative improvements.
Collaborate closely with other Application Security engineers, platform teams, and the CTO organization to integrate new and existing security tools into enterprise development platforms.
Partner with Security Specialists to implement and maintain application security tool integrations and workflows, translating program requirements into reliable engineering solutions (e.g., pipeline steps, configurations, connectors, automation, and operational runbooks).
Continuously improve application security engineering standards, tooling architecture, and technical patterns, identifying opportunities to modernize or simplify implementations.
Identify and implement automation opportunities to reduce manual effort, improve consistency, and scale application security capabilities.
Maintain a strong working knowledge of software development practices, application architectures, and infrastructure patterns, applying that knowledge to improve security tooling effectiveness.
Contribute code, scripts, configurations, and infrastructure-as-code to support application security platforms and workflows.
Support and mentor junior engineers through technical guidance, code reviews, and knowledge sharing.
Create and maintain technical documentation for application security systems, integrations, and operational processes.
Participate in special projects and perform other duties as assigned.