Software Supply Chain Security Specialist

The Vanguard Group

Charlotte, Pennsylvania

JOB DETAILS
SKILLS
Automation, Computer Security, Continuous Deployment/Delivery, Continuous Integration, Error Handling, Inventory Management, Java, Machine Tool, Metrics, Open Source, Policy Development, Python Programming/Scripting Language, Risk, Scripting (Scripting Languages), Service Level Agreement (SLA), Supply Chain, Team Player
LOCATION
Charlotte, Pennsylvania
POSTED
8 days ago

Core Responsibilities

  • Define and own enterprise software supply chain security strategy, roadmap, and governance

  • Establish policies and guardrails for SBOM, artifact signing, provenance, and dependency usage

  • Embed security controls across SDLC, CI/CD pipelines, and artifact repositories

  • Implement and enforce SBOM generation, validation, and artifact integrity controls

  • Collaborate with stakeholders and lead risk-based vulnerability management for open-source and third‑party components

  • Collaborate with stakeholders and define remediation workflows, SLAs, and exception handling for supply chain risks

  • Own tooling strategy for SCA, container scanning, and supply chain security automation

  • Integrate and optimize security tooling within CI/CD for scalable enforcement

  • Maintain inventory and visibility of dependencies, SBOMs, and third-/fourth-party exposure

  • Partner with AppSec, DevSecOps, and platform teams to drive secure development adoption

  • Enable developers via playbooks, guardrails, and self-service secure consumption patterns

  • Define metrics and report on supply chain risk posture, remediation effectiveness, and maturity

Nice-to-Have

  • Experience with AI/ML pipeline security

  • Exposure to AIBOM / advanced SBOM evolution

  • Knowledge of zero-trust supply chain models

Qualifications

  • Minimum of five years related work experience.

  • Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.

  • 7–10+ years in AppSec / DevSecOps / platform security

  • Hands-on experience with SCA + pipeline security

  • Certifications preferred (CISSP, CSSLP, AAISM or equivalent etc.)

  • Programming/scripting (Python, Java, YAML)

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.

About the Company

T

The Vanguard Group