Threat Emulation and Exploit Engineer, Senior Specialist

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.

Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.

Our crew are our greatest resource - by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core

Threat Emulation and Exploit Engineer, Senior Specialist:

• Leads and responds to escalated cyber security alerts, cyber incidents, or related security investigations. Identifies real-time complex attack patterns and develops mitigation strategies.
• Leads the processes, tools and measures to monitor and detect compromises, risks, vulnerabilities, network security threats, tools and tactics used by modern and emerging threat actors. Facilitates security operations and incident response technologies and methodologies.
• Develops, manages, maintains and enhances security controls (alerts, rules, policies, and signatures) for the security platforms.
• Conducts threat modeling exercises by leveraging threat intelligence frameworks. Orchestrates threat hunts in coordination with department and divisional partners to determine gaps in existing security controls.
• Ensures proper defense depth design, configurations, and best practice for preventive solutions pertaining to the network environment for new and evolving cyber threats. Identifies malicious activity by performing analysis on logs, traffic flows, and other investigative detective activities.
• Conducts penetration testing, vulnerability assessments, and threat modeling. Evaluates risks and makes recommendations.
• Provides written assessments focused on threats, vulnerabilities, and technologies relevant to Vanguard Infrastructure.
• Leads with IT and business teams to ensure prompt and effective distribution of findings so incidents are addressed in the most effective and efficient manner possible. Provides department support to the business on enterprise wide security initiatives and projects.
• . Mentor junior team members to improve their technical acumen
• Participates in special projects and performs other duties as assigned.

What it takes:

• Minimum of eight years related work experience.
• Undergraduate degree or equivalent combination of training and experience required. Graduate degree preferred.
• Must be obtain CISSP within one year of hire.
• OSCP Required
• Active Directory Penetration Testing
• Security Controls Evasion
• Performing Adversary Emulations

Special Factors

Sponsorship
Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission-we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.