DevSecOps SCA Tech Lead

The Vanguard Group


Job Location:

Dallas, IA - USA

Monthly Salary: Not Disclosed
Posted on: 7 days ago
Vacancies: 1 Vacancy

Job Summary

Core Responsibilities

  • Serve as the technical lead and subject matter expert for Software Composition Analysis (SCA), partnering closely with the AppSec team lead and manager to execute strategy and roadmap for open-source and dependency security across the SDLC.

  • Lead the design, configuration, and continuous optimization of SCA tooling, including policy definition, risk and reachability tuning, and CI/CD integration at scale.

  • Drive risk-based vulnerability management for open-source dependencies, providing guidance on prioritization, remediation approaches, and risk acceptance decisions.

  • Define and maintain standards, guardrails, and best practices for open-source usage, including approved dependency policies, vulnerability thresholds, and exception workflows.

  • Act as the primary point of contact for SCA, collaborating with application teams, platform teams, AppSec peers, and other security stakeholders to ensure alignment and effective execution.

  • Participate in an on-call rotation to support application security tooling, assist developers, and respond to security threat events when required.

  • Champion a developer-first experience by improving signal quality, reducing noise, and delivering clear, actionable remediation guidance aligned with engineering workflows.

  • Identify, design, and implement automation and process improvements to enhance dependency visibility, response times, and program scalability.

  • Define, track, and communicate key metrics and insights related to open-source risk, remediation effectiveness, and SCA program maturity to stakeholders and leadership.

  • Provide technical leadership and mentorship to AppSec engineers and development teams on secure dependency management and emerging open-source risks.

  • Maintain comprehensive documentation for SCA technologies, processes, and standards; stay current on industry trends, tooling, and open-source security threats.

  • Participate in strategic initiatives and cross-functional efforts to advance the broader Application Security program.

Qualifications

  • Bachelor's degree in a related field or equivalent experience

  • Hands-on experience deploying and operating SCA/SAST tools, including onboarding, auth setup, and CI/CD integration

  • Experience with additional AppSec tools (Secret Scanning, IAST, DAST, etc.)

  • Strong understanding of modern application development and delivery (IDEs, repos, CI/CD, cloud, containers, serverless)

  • Working knowledge of NIST, OWASP, and MITRE frameworks

  • AppSec, DevSecOps, cloud, or development certifications a plus

Special Factors

Sponsorship

Vanguard is offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission; we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.


Required Experience:

Staff IC


About Company


Search the latest roles and opportunities at Vanguard. Apply today to join our industry-leading crew.
