Technical Risk Assurance Analyst, Specialist

Vanguard•Fort Worth, TX

4d•Hybrid

About The Position

At Vanguard, we don't just have a mission—we're on a mission. To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best. How We Work Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience. About Us Vanguard, one of the world's largest investment management companies, serves individual investors, institutions, employer-sponsored retirement plans, and financial professionals. We have a diverse and talented crew with a culture that promotes teamwork, along with an unwavering focus on serving our clients' best interests. This website uses "cookies" to distinguish you from other users. A cookie is a small file of letters and numbers placed on your computer or device. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site and services. The cookies are stored locally on your computer or mobile device. To accept cookies you can continue browsing as normal. Or you can go to our Privacy Policy to read more information and learn how to change your preferences.

Requirements

Minimum four years related work experience.
Undergraduate degree in related field or equivalent combination of training and experience.

Nice To Haves

Experience in IT security or application development preferred.
Preferred security certification such as ISC2 CISSP, GIAC Security, Essentials Certification (GSEC), GIAC Penetration Tester Certification (GPEN), GIAC Web App Pen Tester (GWPN), or Certified Ethical Hacker (CEH)

Responsibilities

Conducts security assessments to measure the adequacy of existing information security controls. Identifies potential and actual system vulnerabilities and emerging strategic security needs, and recommends corrective measures.
Consults with IT sub-divisions, third party partners, and business units in defining standard consistent reporting formats and providing standard data reports.
Participates and documents evaluation and assessment of security requirements for data systems, networks, or websites.
Leads technical support for assessments of assets, risks, and the implementation of appropriate data security procedures and products.
Assists in the review, development, testing, and implementation processes for security plans, risk assessments, products and control techniques.
Administers asset inventory and assessment schedules, and provides metrics on security consulting resources, assists with managing vendor relationships.
Participates in special projects and performs other duties as assigned.
Led hands-on application security execution across SAST, SCA, and DAST, using prior experience to guide the team and consistently deliver on critical priorities.
Drove onboarding and configuration of Application Security(AppSec) scanning tools for SAST, SCA across CI/CD environments, including authentication setup and integration with target applications.
Designed and refined DAST, API, Containers security requirements and architecture patterns, aligning with enterprise design principles and emerging threat models.
Performed deep vulnerability analysis and remediation guidance, working directly with developers to resolve issues efficiently across the SDLC.
Advanced Application Security modernization efforts, bringing external AppSec expertise while applying strong knowledge of internal Vanguard processes to modernize SAST, SCA, and onboarding DAST tooling.
Focused on automation, metrics, and developer experience, improving AppSec coverage, reporting maturity, and reducing friction for engineering teams.