Application Security Specialist

About the position The Application Security team is responsible for the solutions and processes that secure Vanguard applications and operations. As an Application Security Specialist, you will play a pivotal role in ensuring the security and compliance of the Vanguard software development lifecycle (SDLC). You will help develop strategy, implement new technology, maintain technical controls, assess vulnerabilities, and collaborate with developers to ensure that the proper guardrails are in place to enable the continuous and secure delivery of applications. This Hybrid role (in office Tues-Wed-Thurs) can be based in either Charlotte, NC, Dallas, TX, or Malvern, PA (HQ). Responsibilities • Utilize application development, deployment, and security experience to help guide Application Security strategy and secure the software development lifecycle (SDLC). • Utilize current and emerging security technologies to identify, assess, and remediate application vulnerabilities (SAST, SCA, IAST, DAST, Containers, etc.). • Configure and onboard teams to dynamic scanning tools across CI/CD environments, including the management of authentication and integration of DAST scanners with target applications and platforms. • Design, implement, and continuously refine API security requirements and architecture patterns that proactively address emerging threats and align with enterprise security and system design principles. • Ensure the proper implementation, coverage, and function of the application security solutions. • Develop and implement strategies to secure current and emerging technologies (cloud, containers, serverless, mobile, AI/ML, etc.). • Conduct in-depth analysis of vulnerabilities in software and application deployment processes, proposing and implementing remediation measures. • Identify and execute opportunities to automate Application Security processes to improve the efficiency and effectiveness of security measures. • Gather and report metrics from application security solutions and processes to provide meaningful insights into the maturity of the Application Security program. • Collaborate with developer community and enhance their experience in remediating SDLC security vulnerabilities. • Provide guidance and training to development and cloud engineering teams on secure coding and deployment best practices. • Stay up to date on application security practices and standards; participate in educational opportunities; read professional publications. • Maintain comprehensive documentation of technology, projects, processes, etc. • Participate in special projects and other duties as assigned. Requirements • Undergraduate degree in a related field or equivalent combination of training and experience. • Strong experience deploying and operating DAST tools to include managing team onboarding, authentication setup, and CI/CD integration. • Experience with other well-known application security tools (SAST, SCA, IAST, RASP, etc.). • Strong knowledge of application development, build, and deployment processes (development, IDEs, repositories, branching, pipelines, cloud, containers, serverless, etc.). • Familiarity with industry standards such as NIST, OWASP, and MITRE. Nice-to-haves • Relevant certifications in application development, security, application security, DevSecOps, or cloud are a plus. Apply tot his job