Senior Application Security Specialist

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions. Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape. Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core. Duties and Responsibilities: Play a leading role in defining the vision, strategy, and roadmap for security orchestration, ensuring it evolves to meet enterprise security needs and developer expectations. Drive initiatives to achieve maximum scan coverage across repositories, proactively identifying gaps and implementing scalable solutions to close them. Develop strategies to secure current and emerging technologies (cloud, containers, serverless, mobile, AI/ML, etc.). Champion a frictionless developer experience by streamlining scan workflows and integrating feedback loops to continuously improve usability. Partner with the broader security organization to align our security orchestration capabilities with organizational goals, ensuring seamless integration in the CI/CD pipeline. Actively participate in epic/story grooming and retrospectives. Contribute to code reviews, complete development stories, and help evolve the team’s technical capabilities through hands-on collaboration and coding. Gather and report metrics from application security solutions and processes to provide meaningful insights into the maturity of the Application Security program. Stay up to date on application security practices and standards; participate in educational opportunities; read professional publications.