Core Responsibilities
- Define and own enterprise software supply chain security strategy, roadmap, and governance
- Establish policies and guardrails for SBOM, artifact signing, provenance, and dependency usage
- Embed security controls across SDLC, CI/CD pipelines, and artifact repositories
- Implement and enforce SBOM generation, validation, and artifact integrity controls
- Collaborate with stakeholders and lead risk-based vulnerability management for open-source and third-party components
- Collaborate with stakeholders and define remediation workflows, SLAs, and exception handling for supply chain risks
- Own tooling strategy for SCA, container scanning, and supply chain security automation
- Integrate and optimize security tooling within CI/CD for scalable enforcement
- Maintain inventory and visibility of dependencies, SBOMs, and third-/fourth-party exposure
- Partner with AppSec, DevSecOps, and platform teams to drive secure development adoption
- Enable developers via playbooks, guardrails, and self-service secure consumption patterns
- Define metrics and report on supply chain risk posture, remediation effectiveness, and maturity
Nice-to-Have
- Experience with AI/ML pipeline security
- Exposure to AIBOM / advanced SBOM evolution
- Knowledge of zero-trust supply chain models
Qualifications
- Minimum of five years related work experience.
- Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.
- 7-10+ years in AppSec / DevSecOps / platform security
- Hands-on experience with SCA + pipeline security
- Certifications preferred (CISSP, CSSLP, AAISM or equivalent etc.)
- Programming/scripting (Python, Java, YAML)
Special FactorsSponsorshipVanguard is not offering visa sponsorship for this position.