DevSecOps Lead

Vanguard

Malvern, PA 19355

Posted 7 months ago

  • Job Type(s)

    Full Time
  • Industry

    Technology
  • Job Description

    As a DevSecOps Lead at Vanguard, you will pioneer industry-leading technologies and toolsets to enable our developers to innovate in record time. We are looking for an experienced DevSecOps Lead who will bring a vision to the role and have a strong background in partnering with other departments, primarily non-engineering teams, to develop DevSecOps practices. You will utilize your broad expertise in DevSecOps, security standards, practices, tools, and technologies applicable to online financial services with extensive integrations with third-party systems.

    Our industry, now more than ever, is built upon the principles of rapid innovation, agile development and testing, continuous deployment, and ultimately faster time to market for applications. The DevSecOps team at Vanguard is a core driver of these principles. The team is searching for a DevSecOps Lead with proven experience in owning projects, identifying and leading implementation of new technology, developing standards, and mentoring team members. DevSecOps is central to the entire department's operations, and as such, the successful candidate will have input to technology and implementation decisions across the organization.

    In this role, you will:

    • Design, build and maintain continuous integration/continuous delivery (CI/CD) pipelines with embedded security testing to effectively secure and deploy cloud-based (Azure or AWS) workloads.
    • Design infrastructure and implement automation using infrastructure-as-code solutions. Build automation for routine, simple, and complex tasks.
    • Lead improving the infrastructure to ensure high availability and performance of software components.
    • Work with developers to establish NoOps culture, empowering developers with next-generation self-service options.
    • Collaborate with developers to evaluate tool requirements, then drive the implementation, documentation, maintenance, and improvement of these tools.
    • Create, manage, and utilize appropriate technical procedural documentation (best practices, blueprints, runbooks, etc.)
    • Design, deploy, manage, and improve critical security infrastructure services/tools for authentication and authorization, secrets management, logging, detection, vulnerability management, and application security.
    • Ensure technology implementation and product development methodology aligns with information security policies and improves security posture.
    • Responsible for threat management, security monitoring, trend correlation, and incident management, including security violations and exceptions.
    • Provide recommendations on security requirements to be included in product design and security testing.
    • Provide recommendations to the Risk Management Framework process activities and related documentation.
    • Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate.
    • Assess risk arising from third parties, vendors, and partners in our ecosystem and design controls to mitigate such risks.
    • Mentor junior level team members and assist when needed.
    • Design and implement cyber security and operations procedures, tasks, and reports. Identify process gaps and recommend solutions to improve workflow and mitigate risk.
    • Serve as a security expert in application development, database design, network, and/or platform (operating system) efforts, helping security project teams comply with enterprise and IT security policies, industry regulations, and best practices.


    What it Takes:

    • 3+ years of hands-on security experience, Undergraduate degree in Computer Science
    • 3 to 5 years experience with ITIL, DevOps or SRE practices
    • 3 to 5 years experience working in ServiceNow
    • 3+ years experience with Splunk, AppDynamics, Honeycomb, New Relic, Datadog monitoring and alerts.
    • Must have hands-on expertise operating in an AWS environment with proficiency in architecture and security capabilities in the cloud.
    • Proficiency in multiple security domains such as intrusion detection, incident response and malware analysis
    • A strong desire to minimize the operational overhead of systems, large and small.
    • Experience with various public cloud services using AWS / Azure / GCP
    • Presenting to senior leaders and generating executive updates and roadmaps
    • Strong communication and influencing skills. Demonstrated success at partnering, prioritizing, and balancing needs cross-functionally.
    • Experience in security incident response

    Special Factors

    Sponsorship

    Vanguard is not offering visa sponsorship for this position.

    About Vanguard

    We are Vanguard. Together, we're changing the way the world invests.

    For us, investing doesn't just end in value. It starts with values. Because when you invest with courage, when you invest with clarity, and when you invest with care, you can get so much more in return. We invest with purpose and that's how we've become a global market leader. Here, we grow by doing the right thing for the people we serve. And so can you.

    We want to make success accessible to everyone. This is our opportunity. Let's make it count.

    Inclusion Statement

    Vanguard's continued commitment to diversity and inclusion is firmly rooted in our culture. Every decision we make to best serve our clients, crew (internally employees are referred to as crew), and communities is guided by one simple statement: Do the right thing.

    We believe that a critical aspect of doing the right thing requires building diverse, inclusive, and highly effective teams of individuals who are as unique as the clients they serve. We empower our crew to contribute their distinct strengths to achieving Vanguard's core purpose through our values.

    When all crew members feel valued and included, our ability to collaborate and innovate is amplified, and we are united in delivering on Vanguard's core purpose.

    Our core purpose: To take a stand for all investors, to treat them fairly, and to give them the best chance for investment success.

    How We Work

    Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.