DevSecOps Tech Lead

Core Responsibilities

• Lead the design and execution of enterprise-wide Software Composition Analysis (SCA) and software supply chain security strategy across all applications and platforms.

• Own end-to-end open-source risk management, including vulnerability detection, prioritization, and remediation of third-party dependencies.

• Define and enforce security policies aligned with industry standards such as OWASP and NIST (SSDF), ensuring secure software development practices.

• Integrate SCA tooling into CI/CD pipelines and developer workflows to enable automated, shift-left security controls.

• Drive implementation and adoption of Software Bill of Materials (SBOM) standards (e.g., Cyclone,DX, SPDX) for full dependency visibility.

• Secure the software supply chain by implementing controls for artifact integrity, provenance, and signed builds, aligned with OpenSSF frameworks (e.g., SLSA).

• Lead response and mitigation efforts for critical supply chain vulnerabilities (e.g., zero-day dependency risks), ensuring rapid impact analysis and remediation.

• Establish governance over artifact repositories and package registries, enforcing version control, trusted sources, and secure publishing practices.

• Define and track key security metrics (e.g., vulnerability MTTR, coverage, policy compliance) and present insights to senior leadership.

• Mentor a team of security engineers while partnering with engineering, DevOps, and product teams to drive scalable, developer-friendly security solutions.

Qualifications

• Bachelor’s degree in a related field or equivalent experience

• Hands-on experience deploying and operating SCA/SAST tools, including onboarding, auth setup, and CI/CD integration

• Experience with additional AppSec tools (Secret Scanning, IAST, DAST, etc.)

• Strong understanding of modern application development and delivery (IDEs, repos, CI/CD, cloud, containers, serverless)

• Working knowledge of NIST, OWASP, and MITRE frameworks

• AppSec, DevSecOps, cloud, or development certifications a plus

Special Factors

Sponsorship

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.