Responsibilities

• Leads, hires, and develops a team of application security penetration testers, setting clear performance expectations, providing coaching and feedback, and supporting career development in alignment with organizational goals and HR policies.
• Oversees the planning, scheduling, and reporting of application security assessments, ensuring testing activities are aligned with compliance requirements, internal policies, and secure development standards.
• Manages team workflows, tools, and documentation processes to ensure consistent execution of penetration testing activities and effective tracking of findings, remediation efforts, and audit readiness.
• Drives continuous improvement of testing governance, including the development and maintenance of standard operating procedures, metrics, and quality assurance practices.
• Monitors regulatory and industry developments related to application security and integrates relevant changes into team processes, ensuring ongoing compliance with applicable standards (e.g., PCI-DSS, SOX, ISO 27001).
• Coordinates with internal stakeholders, including development, risk, and compliance teams, to ensure timely communication of findings and alignment on remediation priorities.
• Supports enterprise-wide security initiatives and projects by representing the penetration testing function in cross-functional working groups and providing input on secure development practices.
• Participates in special projects and performs other duties as assigned, including support for audits, assessments, and executive reporting.

Qualifications

• Minimum of five years of experience in application security or related field, with at least three years in a leadership or management role.
• Experience managing or coordinating penetration testing or secure code review programs preferred.
• Strong understanding of compliance frameworks and secure development lifecycle (SDLC) practices.
• Undergraduate degree in a related field or equivalent combination of education and experience required; graduate degree preferred.
• Industry certifications such as CISSP, CISM, or CRISC are a plus; must obtain CISSP within one year of hire.
• Strong understanding of Pentesting tools.

Special Factors

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission-we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.