Apply Now

DevSecOps SCA Tech Lead

• Posted 2 days ago • Updated 2 days ago

Full Time

On-site

Fitment

Dice Job Match Score™

🤯 Applying directly to the forehead...

Job Details

Skills

Team Leadership
Roadmaps
Software Development Methodology
Optimization
Vulnerability Management
Workflow
Process Improvement
Scalability
Leadership
IT Management
Mentorship
SEC
Management
Documentation
Open Source
Software Security
SCA
Onboarding
Application Development
Continuous Integration
Continuous Delivery
OWASP
DevSecOps
Cloud Computing
Finance
Collaboration

Summary

{"description": " Core Responsibilities

Serve as the technical lead and subject matter expert for Software Composition Analysis (SCA), partnering closely with the AppSec team lead and manager to execute strategy and roadmap for open-source and dependency security across the SDLC.
Lead the design, configuration, and continuous optimization of SCA tooling, including policy definition, risk and reachability tuning, and CI/CD integration at scale.
Drive risk-based vulnerability management for open-source dependencies, providing guidance on prioritization, remediation approaches, and risk acceptance decisions.
Define and maintain standards, guardrails, and best practices for open-source usage, including approved dependency policies, vulnerability thresholds, and exception workflows.
Act as the primary point of contact for SCA, collaborating with application teams, platform teams, App Sec peers, and other security stakeholders to ensure alignment and effective execution.
Participate in an on-call rotation to support application security tooling, assist developers, and respond to security threat events when required.
Champion a developer-first experience by improving signal quality, reducing noise, and delivering clear, actionable remediation guidance aligned with engineering workflows.
Identify, design, and implement automation and process improvements to enhance dependency visibility, response times, and program scalability.
Define, track, and communicate key metrics and insights related to open-source risk, remediation effectiveness, and SCA program maturity to stakeholders and leadership.
Provide technical leadership and mentorship to App Sec engineers and development teams on secure dependency management and emerging open-source risks.
Maintain comprehensive documentation for SCA technologies, processes, and standards; stay current on industry trends, tooling, and open-source security threats.
Participate in strategic initiatives and cross-functional efforts to advance the broader Application Security program.

Qualifications

Bachelor's degree in a related field or equivalent experience
Hands-on experience deploying and operating SCA/SAST tools, including onboarding, auth setup, and CI/CD integration
Experience with additional AppSec tools (Secret Scanning, IAST, DAST, etc.)
Strong understanding of modern application development and delivery (IDEs, repos, CI/CD, cloud, containers, serverless)
Working knowledge of NIST, OWASP, and MITRE frameworks
AppSec, DevSecOps, cloud, or development certifications a plus

Special Factors

Sponsorship
Vanguard is offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission-we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.", "salary_raw": "Row(double=None, string=None)"}

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

Dice Id: 90922487
Position Id: 24113368
Posted 2 days ago

Create job alert

Never miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

DevSecOps Tech Lead

Malvern, Arkansas

•

2d ago

{"description": " Core Responsibilities Provide technical and delivery leadership for the Application Security - DevSecOps Foundations team, spanning SAST, SCA, secrets scanning, and emerging application security capabilities. Partner with individual domain leads (SAST, SCA, Engineering, etc.) to balance priorities, unblock work, and ensure consistent collaboration and execution across the team. Support the manager through execution, planning, stakeholder communication, and operational leadershi

Full-time

DevSecOps Specialist

Malvern, Arkansas

•

2d ago

{"description": "Core Responsibilities Secure the software development lifecycle (SDLC) by applying application development, deployment, and security expertise. Operate, configure, and continuously improve application security tooling, with a primary focus on SAST and SCA, including policy tuning and integration into CI/CD pipelines. Identify, analyze, and triage application security vulnerabilities; apply risk-based prioritization and work with engineering teams to drive timely remediation. Col

Full-time

Application Security Tech Lead

Malvern, Arkansas

•

4d ago

{"description": " Duties and Responsibilities: Provide technical and delivery leadership for the Application Security - DevSecOps Team, spanning API, DAST, container security, and emerging application security capabilities. Partner with individual domain leads (API, DAST, Container, etc.) to balance priorities, unblock work, and ensure consistent collaboration and execution across the team. Support the manager through execution, planning, stakeholder communication, and operational leadership;

Full-time

DevSecOps Engineer

Malvern, Arkansas

•

Yesterday

{"description": "Core Responsibilities Design, implement, test, and maintain application security tooling and integrations across the software development lifecycle, with a focus on reliability, scalability, and performance. Build, enhance, and operate CI/CD pipeline integrations for application security scanning, ensuring consistent execution and minimal impact to developer workflows. Develop and maintain monitoring, alerting, and operational controls for application security platforms to ensur

Full-time

Search all similar jobs