Key skills
Cyber SecuritySDLCRisk Management
About this role
Role Overview
- Maintain the Secure Developer Scorecard: Assist in the creation, evolution, and ongoing management of a secure developer scorecard that measures developer successes and failures in secure coding practices
- Help ensure the scorecard reflects key metrics such as vulnerability prevention, SDLC adherence, time spent on secure coding, and alignment with Vanguard-specific expectations
- Support the Discovery of Community Bottlenecks: Proactively engage with the developer community to identify bottlenecks, frustrations, and barriers that delay code merges to production or lead to the dismissal of secure coding governance
- Analyze feedback and data to pinpoint areas for improvement
- Support Developer Engagement and Feedback Loops: Facilitate regular sessions with developers to listen, gather insights, and foster open dialogue about secure development challenges
- Act as a liaison to gather developer input and share insights with the security and product teams
- Support the Creation of Business Cases for Secure Development Process Improvements: Translate developer feedback and scorecard insights into actionable business cases for process, tooling, or cultural changes
- Support business case development by organizing feedback, drafting summaries, and preparing presentation materials for the Specialist/Manager
- Conduct Learning and Awareness Activities: Develop and deliver targeted learning sessions, workshops, and awareness campaigns to promote secure coding practices and SDLC governance within the developer community
Requirements
- Minimum 5 years of related work experience
- Undergraduate degree in Computer Science, Information Technology, Cybersecurity, Information Systems, or a related field
- Graduate degree in Cybersecurity, Information Assurance, or Computer Science is preferred but not mandatory
- 1–2 years of experience in cybersecurity, secure development awareness, security awareness, developer engagement, or related technology roles
- Broader experience in IT, risk management, or technical support may also be applicable
- Exposure to coding concepts; hands-on coding is not required
- Awareness of SDLC and secure development principles; training and upskilling provided
- Familiarity with common developer workflows, tools, and bottlenecks
- Highly respected certifications: CISSP, CSSLP
- Desired: Security+ or equivalent foundational security certification
- Considered: SSAP or similar credentials, especially for candidates with a background in security awareness and developer enablement
Tech Stack
- Cyber Security
- SDLC
Benefits
- comprehensive health and wellness care
- work-life balance
- investment in your future