Duties and Responsibilities 

• Aggregate and normalize vulnerability data from diverse sources into a unified vulnerability platform (UVM). 

• Experience with integrating self-hosted and SaaS-based applications via APIs.  Expertise utilizing native API integrations and developing custom integrations (via code or scripts).  

• Collaborate with product owners (Vulnerability Management, DevSecOps, Cloud Security, etc.) to ensure the collection, quality, normalization, and enrichment of vulnerability data. 

• Apply standardized vulnerability severity scoring and customize it to reflect business context and risk appetite. 

• Develop and maintain centralized dashboards to visualize risk posture across applications and environments.  To include custom dashboards for different stakeholder types (executives, business owners, and resource owners). 

• Collaborate with Technical Security Advisors and BISOs to maintain and improve risk reporting (visualizations, dashboards, reports, notifications, etc.). 

• Improve exception workflows through UVM integrations with workload mgmt./ticketing systems.  

• Build and maintain RBAC to the UVM platform (dashboards, reports, etc.). 

• Define and enforce remediation SLAs and shift-left prevention policies. 

• Support operational workflows for risk acceptance, false positives, and severity overrides. 

• Participate in recurring vulnerability oversight meetings and provide actionable insights.  

• Contribute to the development of vulnerability lifecycle processes and automation strategies. 

• Maintain comprehensive documentation of technology, projects, processes, etc. 

• Stay up to date on security practices and standards; participate in educational opportunities; read professional publications. 

• Participate in special projects and other duties as assigned. 

 

Qualifications 

• Undergraduate degree in IT or cybersecurity is preferred. 

• 3-5 years of experience in vulnerability management. 

• Hands-on experience with unified vulnerability management (UVM) solutions (e.g., ArmorCode, Wiz). 

• Strong understanding of OWASP Top 10, CVE, CVSS, NVD, and other vulnerability standards. 

• Experience with programming and scripting languages (e.g., Python, PowerShell) is preferred. 

• Familiarity with data engineering solutions (e.g., Athena, Tableau), workload management solutions (e.g., Jira, ServiceNow), version control and pipeline solutions (e.g., Bamboo, GitHub), and IaC solutions (e.g., Terraform, Ansible). 

• Knowledge of application development, build, and deployment processes (development, IDEs, repositories, branching, pipelines, cloud, containers, serverless, etc.). 

• Professional certifications such as CISSP, CCSP, or Security+ a plus.

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.