Secure Developer Experience Specialist

About The Position

Requirements

• Minimum 8 years of related work experience, with at least 3 years in IT security or application development.
• Undergraduate degree in Computer Science, Information Technology, Cybersecurity, Information Systems, or related field.Alternatively, candidates with a non-technical degree or no degree but substantial relevant experience will be considered.
• Minimum of 2+ years of professional experience in secure software development, application security, or developer enablement roles. Alternatively, 5+ years of experience in cybersecurity, security awareness, or enterprise application risk management may substitute for direct developer experience.
• Direct developer experience is not strictly required. However, candidates must demonstrate: Rudimentary coding capability (e.g., able to read, write, and understand code in at least one major programming language such as Python, Java, or C#).
• High-level understanding of the Software Development Life Cycle (SDLC), secure coding principles, and the challenges faced in enterprise application development.
• Familiarity with common developer workflows, tools, and bottlenecks.
• Highly respected certifications: CISSP, CSSLP.

Nice To Haves

• Desired: Security+ or equivalent foundational security certification.
• Considered: SSAP or similar credentials, especially for candidates with a background in security awareness and developer enablement.
• Candidates lacking direct developer experience but possessing a strong background in cybersecurity awareness, secure development advocacy, or enterprise change management will be strongly considered.
• Experience with any of the following is a plus: Using Wiz dashboards or similar tools for extracting insights and informing project decisions Qualys, CloudFleet, or other vulnerability management platforms AWS, Azure, GCP, or OCI cloud environments Secure code training platforms Familiarity with secure development frameworks (e.g., NIST SSDF, OWASP SAMM, SLSA) Developer productivity platforms, code analysis tools, or IDE security controls

Responsibilities

• Design and Maintain the Secure Developer Scorecard: Lead the creation, evolution, and ongoing management of a secure developer scorecard that measures developer successes and failures in secure coding practices. Ensure the scorecard reflects key metrics such as vulnerability prevention, SDLC adherence, time spent on secure coding, and alignment with Vanguard-specific expectations.
• Discover and Address Developer Community Bottlenecks: Proactively engage with the developer community to identify bottlenecks, frustrations, and barriers that delay code merges to production or lead to the dismissal of secure coding governance. Analyze feedback and data to pinpoint areas for improvement.
• Lead Developer Engagement and Feedback Loops: Facilitate regular sessions with developers to listen, gather insights, and foster open dialogue about secure development challenges. Serve as a trusted advocate for developers, ensuring their voices are heard in enterprise security initiatives.
• Build Business Cases for Secure Development Process Improvements: Translate developer feedback and scorecard insights into actionable business cases for process, tooling, or cultural changes. Present recommendations to leadership with a focus on business value, profitability, and measurable outcomes.
• Conduct Learning and Awareness Activities: Develop and deliver targeted learning sessions, workshops, and awareness campaigns to promote secure coding practices and SDLC governance within the developer community.

Benefits

• comprehensive health and wellness care
• work-life balance
• an investment in your future