Duties and Responsibilities
Aggregate and normalize vulnerability data from diverse sources into a unified vulnerability platform (UVM).
Experience with integrating self-hosted and SaaS-based applications via APIs. Expertise utilizing native API integrations and developing custom integrations (via code or scripts).
Collaborate with product owners (Vulnerability Management, DevSecOps, Cloud Security, etc.) to ensure the collection, quality, normalization, and enrichment of vulnerability data.
Apply standardized vulnerability severity scoring and customize it to reflect business context and risk appetite.
Develop and maintain centralized dashboards to visualize risk posture across applications and environments. To include custom dashboards for different stakeholder types (executives, business owners, and resource owners).
Collaborate with Technical Security Advisors and BISOs to maintain and improve risk reporting (visualizations, dashboards, reports, notifications, etc.).
Improve exception workflows through UVM integrations with workload mgmt./ticketing systems.
Build and maintain RBAC to the UVM platform (dashboards, reports, etc.).
Define and enforce remediation SLAs and shift-left prevention policies.
Support operational workflows for risk acceptance, false positives, and severity overrides.
Participate in recurring vulnerability oversight meetings and provide actionable insights.
Contribute to the development of vulnerability lifecycle processes and automation strategies.
Maintain comprehensive documentation of technology, projects, processes, etc.
Stay up to date on security practices and standards; participate in educational opportunities; read professional publications.
Participate in special projects and other duties as assigned.
Qualifications
Undergraduate degree in IT or cybersecurity is preferred.
3-5 years of experience in vulnerability management.
Hands-on experience with unified vulnerability management (UVM) solutions (e.g., ArmorCode, Wiz).
Strong understanding of OWASP Top 10, CVE, CVSS, NVD, and other vulnerability standards.
Experience with programming and scripting languages (e.g., Python, PowerShell) is preferred.
Familiarity with data engineering solutions (e.g., Athena, Tableau), workload management solutions (e.g., Jira, ServiceNow), version control and pipeline solutions (e.g., Bamboo, GitHub), and IaC solutions (e.g., Terraform, Ansible).
Knowledge of application development, build, and deployment processes (development, IDEs, repositories, branching, pipelines, cloud, containers, serverless, etc.).
Professional certifications such as CISSP, CCSP, or Security+ a plus.
Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.About Vanguard
At Vanguard, we don't just have a mission—we're on a mission.
To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.