
DevSecOps SCA Tech Lead
Vanguard
full-time
Location Type: Hybrid
Location: Dallas • North Carolina • Pennsylvania • United States
About the role
- Serve as the technical lead and subject matter expert for Software Composition Analysis (SCA)
- Lead the design, configuration, and continuous optimization of SCA tooling
- Drive risk-based vulnerability management for open-source dependencies
- Define and maintain standards, guardrails, and best practices for open-source usage
- Act as the primary point of contact for SCA
- Participate in an on-call rotation to support application security tooling
- Champion a developer-first experience
- Identify, design, and implement automation and process improvements
- Define, track, and communicate key metrics and insights related to open-source risk
- Provide technical leadership and mentorship to AppSec engineers and development teams
- Maintain comprehensive documentation for SCA technologies, processes, and standards
Requirements
- Bachelor’s degree in a related field or equivalent experience
- Hands-on experience deploying and operating SCA/SAST tools
- Experience with additional AppSec tools (Secret Scanning, IAST, DAST, etc.)
- Strong understanding of modern application development and delivery (IDEs, repos, CI/CD, cloud, containers, serverless)
- Working knowledge of NIST, OWASP, and MITRE frameworks
- AppSec, DevSecOps, cloud, or development certifications a plus
Benefits
- Health insurance
- Retirement plans
- Paid time off
- Flexible work arrangements
- Professional development
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Software Composition Analysis, SAST tools, Secret Scanning, IAST, DAST, automation, process improvements, application security, cloud, containers
Soft Skills
technical leadership, mentorship, communication, risk management, collaboration, problem-solving, documentation, optimization, developer-first experience, insight tracking
Certifications
AppSec certifications, DevSecOps certifications, cloud certifications, development certifications