Software Supply Chain Security Specialist

Vanguard Group, Inc.

$100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Minimum of five years of related work experience.
  • Undergraduate degree or equivalent combination of training and experience; graduate degree preferred.
  • 7-10+ years in Application Security (AppSec), DevSecOps, or platform security.
  • Hands-on experience with Software Composition Analysis (SCA) and pipeline security.
  • Preferred certifications include CISSP, CSSLP, or AAISM.
  • Proficiency in programming/scripting languages such as Python, Java, or YAML.

Responsibilities

  • Define and manage the enterprise software supply chain security strategy.
  • Establish and enforce policies for Software Bill of Materials (SBOM) and artifact integrity.
  • Embed security controls throughout the Software Development Lifecycle (SDLC) and CI/CD processes.
  • Implement SBOM generation and validation protocols.
  • Lead collaboration with stakeholders on vulnerability management for third-party components.
  • Develop remediation workflows and exception handling procedures for supply chain risks.
  • Own the tooling strategy for supply chain security automation.

Benefits

  • Flexible working arrangements to promote work-life balance.
  • Comprehensive health and wellness programs.
  • Opportunities for professional development and continuous education.
  • Inclusive company culture focused on teamwork and innovation.
Full Job Description
Core Responsibilities

  • Define and own enterprise software supply chain security strategy, roadmap, and governance
  • Establish policies and guardrails for SBOM, artifact signing, provenance, and dependency usage
  • Embed security controls across SDLC, CI/CD pipelines, and artifact repositories
  • Implement and enforce SBOM generation, validation, and artifact integrity controls
  • Collaborate with stakeholders and lead risk-based vulnerability management for open-source and third-party components
  • Collaborate with stakeholders and define remediation workflows, SLAs, and exception handling for supply chain risks
  • Own tooling strategy for SCA, container scanning, and supply chain security automation
  • Integrate and optimize security tooling within CI/CD for scalable enforcement
  • Maintain inventory and visibility of dependencies, SBOMs, and third-/fourth-party exposure
  • Partner with AppSec, DevSecOps, and platform teams to drive secure development adoption
  • Enable developers via playbooks, guardrails, and self-service secure consumption patterns
  • Define metrics and report on supply chain risk posture, remediation effectiveness, and maturity


Nice-to-Have
  • Experience with AI/ML pipeline security
  • Exposure to AIBOM / advanced SBOM evolution
  • Knowledge of zero-trust supply chain models


Qualifications
  • Minimum of five years related work experience.
  • Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.
  • 7-10+ years in AppSec / DevSecOps / platform security
  • Hands-on experience with SCA + pipeline security
  • Certifications preferred (CISSP, CSSLP, AAISM or equivalent etc.)
  • Programming/scripting (Python, Java, YAML)

Special Factors

Sponsorship
Vanguard is not offering visa sponsorship for this position.

Similar Jobs

More Jobs at Vanguard Group, Inc.

More Information Technology Jobs

Find similar Software Supply Chain Security Specialist jobs: