Supply Chain Security Specialist

Vanguard Group, Inc.

$90K — $120K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of relevant work experience required.
  • Undergraduate degree or equivalent experience; graduate degree preferred.
  • 7-10+ years in AppSec, DevSecOps, or platform security.
  • Hands-on experience with Software Composition Analysis (SCA) and pipeline security.
  • Preferred certifications: CISSP, CSSLP, AAISM or equivalent.
  • Proficiency in programming/scripting languages like Python, Java, and YAML.

Responsibilities

  • Define and manage the enterprise software supply chain security strategy and roadmap.
  • Establish policies for software bill of materials (SBOM), artifact signing, and dependency usage.
  • Embed security controls throughout the software development life cycle (SDLC) and CI/CD pipelines.
  • Implement and enforce controls for SBOM generation, validation, and artifact integrity.
  • Lead risk-based vulnerability management for open-source and third-party components in collaboration with stakeholders.
  • Develop remediation workflows, SLAs, and exception handling procedures for supply chain risks.
  • Own and optimize tooling strategy for software composition analysis, container scanning, and security automation.

Benefits

  • Flexible work options and schedules.
  • Professional development opportunities.
  • Access to a diverse and inclusive work environment.
  • Comprehensive health and wellness benefits.

Full Job Description

Core Responsibilities

  • Define and own enterprise software supply chain security strategy, roadmap, and governance
  • Establish policies and guardrails for SBOM, artifact signing, provenance, and dependency usage
  • Embed security controls across SDLC, CI/CD pipelines, and artifact repositories
  • Implement and enforce SBOM generation, validation, and artifact integrity controls
  • Collaborate with stakeholders and lead risk-based vulnerability management for open-source and third-party components
  • Collaborate with stakeholders and define remediation workflows, SLAs, and exception handling for supply chain risks
  • Own tooling strategy for SCA, container scanning, and supply chain security automation
  • Integrate and optimize security tooling within CI/CD for scalable enforcement
  • Maintain inventory and visibility of dependencies, SBOMs, and third-/fourth-party exposure
  • Partner with AppSec, DevSecOps, and platform teams to drive secure development adoption
  • Enable developers via playbooks, guardrails, and self-service secure consumption patterns
  • Define metrics and report on supply chain risk posture, remediation effectiveness, and maturity

Nice-to-Have

  • Experience with AI/ML pipeline security
  • Exposure to AIBOM / advanced SBOM evolution
  • Knowledge of zero-trust supply chain models

Qualifications

  • Minimum of five years of related work experience.
  • Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.
  • 7–10+ years in AppSec / DevSecOps / platform security
  • Hands-on experience with SCA and pipeline security
  • Certifications preferred (CISSP, CSSLP, AAISM, or equivalent)
  • Programming/scripting (Python, Java, YAML)

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.
