Software Supply Chain Security Specialist

Vanguard Group, Inc.

$100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Minimum of five years related work experience.
  • Undergraduate degree or equivalent; graduate degree preferred.
  • 7-10+ years in AppSec, DevSecOps, or platform security.
  • Hands-on experience with software composition analysis and pipeline security.
  • Preferred certifications include CISSP, CSSLP, AAISM, or equivalent.
  • Proficiency in programming/scripting languages like Python, Java, and YAML.

Responsibilities

  • Define and own enterprise software supply chain security strategy and governance.
  • Establish policies for Software Bill of Materials (SBOM) and artifact security.
  • Embed security controls across software development lifecycle and CI/CD pipelines.
  • Implement SBOM generation and artifact integrity controls.
  • Lead risk-based vulnerability management for open-source and third-party components.
  • Collaborate with stakeholders to define remediation workflows for supply chain risks.
  • Own tooling strategy for software composition analysis and container scanning.
Full Job Description
Core Responsibilities

  • Define and own enterprise software supply chain security strategy, roadmap, and governance
  • Establish policies and guardrails for SBOM, artifact signing, provenance, and dependency usage
  • Embed security controls across SDLC, CI/CD pipelines, and artifact repositories
  • Implement and enforce SBOM generation, validation, and artifact integrity controls
  • Collaborate with stakeholders and lead risk-based vulnerability management for open-source and third-party components
  • Collaborate with stakeholders and define remediation workflows, SLAs, and exception handling for supply chain risks
  • Own tooling strategy for SCA, container scanning, and supply chain security automation
  • Integrate and optimize security tooling within CI/CD for scalable enforcement
  • Maintain inventory and visibility of dependencies, SBOMs, and third-/fourth-party exposure
  • Partner with AppSec, DevSecOps, and platform teams to drive secure development adoption
  • Enable developers via playbooks, guardrails, and self-service secure consumption patterns
  • Define metrics and report on supply chain risk posture, remediation effectiveness, and maturity


Nice-to-Have
  • Experience with AI/ML pipeline security
  • Exposure to AIBOM / advanced SBOM evolution
  • Knowledge of zero-trust supply chain models


Qualifications
  • Minimum of five years related work experience.
  • Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.
  • 7-10+ years in AppSec / DevSecOps / platform security
  • Hands-on experience with SCA + pipeline security
  • Certifications preferred (CISSP, CSSLP, AAISM or equivalent etc.)
  • Programming/scripting (Python, Java, YAML)

Special Factors

Sponsorship
Vanguard is not offering visa sponsorship for this position.

Similar Jobs

More Jobs at Vanguard Group, Inc.

More Information Technology Jobs

Find similar Software Supply Chain Security Specialist jobs: