Senior Application Security Architect

Vanguard•Malvern, PA

2d•Hybrid

About The Position

At Vanguard, we don't just have a mission—we're on a mission. To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best. How We Work Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience. Vanguard, one of the world's largest investment management companies, serves individual investors, institutions, employer-sponsored retirement plans, and financial professionals. We have a diverse and talented crew with a culture that promotes teamwork, along with an unwavering focus on serving our clients' best interests. This website uses "cookies" to distinguish you from other users. A cookie is a small file of letters and numbers placed on your computer or device. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site and services. The cookies are stored locally on your computer or mobile device. To accept cookies you can continue browsing as normal. Or you can go to our Privacy Policy to read more information and learn how to change your preferences.

Requirements

10+ years of related experience, including at least 3 years in an architect-level role.
Bachelor’s degree in a related field, or equivalent combination of training and experience.
Strong proficiency in at least one modern programming language.
Deep understanding of application development, build processes, and deployment pipelines.
Experience with cloud platforms and serverless architectures (AWS preferred).
Hands-on experience with CI/CD pipelines and Application Security scanning tools.

Nice To Haves

Relevant certifications in application development, security, DevSecOps, or cloud are a plus.

Responsibilities

Own operational health for Application Security platforms, including SLIs/SLOs, error budgets, and reliability dashboards.
Lead incident response, postmortems, and root cause analysis; ensure corrective actions are implemented.
Govern SLA/PLA compliance and maintain operational readiness across AppSec services.
Develop, test, and maintain incident response and continuity plans for Application Security operations.
Partner with developers through pair programming, coaching, and secure coding enablement.
Integrate DevEx and CSAT insights into dashboards to improve developer and client experiences.
Continuously evaluate DevSecOps tools, workflows, and architectures to eliminate friction and improve efficiency.
Create feedback loops with the developer community to drive iterative enhancements to DevSecOps processes and tooling.
Strengthen resilience and scalability of AppSec tools, orchestration platforms, and assurance workflows.
Assess and optimize scanning coverage, identifying gaps and recommending new tools and processes.
Guide teams on integrating security into CI/CD pipelines using industry best practices.
Support modernization initiatives, including AI/ML scanning, software supply chain security, and unified vulnerability management.
Govern SOPs for all Application Security services and drive standardization across the organization.
Collaborate with ES&F, CTO pipeline teams, and DevSecOps leadership on short- and long-term strategy.
Identify automation opportunities to expand scale, reduce toil, and improve reliability.
Provide thought leadership, contribute to Agile planning, and support enterprise-wide transformation efforts.