Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.

Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities.

The Application Engineering Technical Lead - II will provide expert level IT technical lead services, including the direction, evaluation, selection, configuration, implementation, resiliency and integration of new and existing application security technologies and tools.

• Provides expert level IT technical lead services and direction for critical DevSecOps services, tools, and processes. Provides technical expertise and completes complex development, design, implementation, architecture design specification, and maintenance activities.
• Identifies opportunities for continuous quality improvement of DevSecOps technical standards, methodologies, and technologies.
• Participates in design, code, and test inspections throughout product life cycle to identify issues. Participates as a technical consultant at other project meetings. Presents technical status and issues at milestone reviews.
• Thoroughly understands and complies with Information Technology and Information Security policies and procedures and verifies that deliverables meet requirements.
• Leads quality initiatives to improve the delivery of service levels. Works with leadership team in the planning, development, and execution of short and long term goals.
• Presents status, metrics, and department initiatives at meetings with management and project peers. Maintains relationships with technical teams, IT, security, and business partners.
• Builds proactive monitoring and alerting into the DSO Engineering tools and processes to minimize the downtime to developer community.
• Works closely with other DevSecOps teams and CTO office to integrate existing and new DevSecOps tools into CICD pipelines.
• Works closely with other DevSecOps teams and leadership to bring application security scanning close to developers to enhance developer experience and increase productivity.
• Continuously evaluates the Vanguard's application security scanning requirements, propose ideas/solutions, and work with leadership to bridge those gaps to protect Vanguard applications.
• Acts as an industry expert in application security practices and standards such as SAST, SCA, IAST, DAST, software-supply-chain, etc. and guide the team to mature the DevSecOps program.
• Helps and guides the DevSecOps Engineering team towards the technology initiatives such as AI/ML scanning, software-supply-chain, Unified Vulnerability Management platform, etc.
• Identify the opportunities to automate the DevSecOps processes and guide the team to improve efficiency and achieve scalability.
• Have experience in one or more cloud providers (preferably AWS) and provides direction and guidance to team on cloud security engineering.
• Ensures the viability of IT deliverables. Recommends development options and approves the team's technical deliverables. Conducts testing, including functionality, technical limitations, and security.
• Identifies potential solutions and approves technical solutions proposed by team members. Elevates complex technical issues to IT experts. Resolves technical problems discovered by testers and internal clients. Responds to and resolves technical issues in a timely manner. Research issues and performs root cause analysis. Anticipates technology problems and prevents them.
• Communicates with key stakeholders on project issues and implications. Evaluates the impacts of change requests on technologies and effectively persuades and influences others on ideas.
• Maintains a current and working knowledge of IT development methodology, architecture design, and technical standards. Mentors IT staff and identifies training needs. As new standards are instituted, ensures their usage by team members. Reviews and approves documentation and diagrams created by IT team members. Writes documentation, including technical standards and processes.
• Participates in special projects and performs other duties as assigned.

• Minimum of eight years related work experience, with at least three years of development experience.
• Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.