AppSec Jobs
← Back to all jobs

Vanguard

Cloud Security Engineer

Charlotte, NCWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About Vanguard

The Vanguard Group is an American registered investment adviser based in Malvern, Pennsylvania, founded on May 1, 1975. As of January 31, 2025, Vanguard manages approximately $11 trillion in global assets, making it the largest provider of mutual funds and the second-largest provider of exchange-traded funds (ETFs) worldwide. Vanguard operates under a unique ownership model, where the funds are owned by the investors themselves, allowing the company to prioritize client interests and return profits to its investors. Vanguard is recognized for pioneering index funds, launching the first index fund for individual investors in 1976. The company offers a range of services, including investment advisory, financial planning, retirement solutions, brokerage services, and insurance products. With a commitment to cost leadership, Vanguard has significantly reduced expense ratios compared to industry averages. The firm has a global presence, serving around 30 million investors in over 170 countries, and has established offices across Asia, Australia, Europe, and North America.

Industry

financial services

Employees

21,000

3965 engineers

Revenue

$5.3B

Website

Visit →

Security at Vanguard

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Vanguard's AppSec philosophy is centered on 'frictionless developer experience' and 'shift-left' practices.
  • The team views security as an enabler rather than a gatekeeper, aiming to streamline scan workflows to minimize disruption to development.
  • Their mission is to provide the solutions and processes that secure applications and operations globally.
  • They emphasize early engagement through threat modeling and the proactive identification of security gaps across all code repositories.

Security Team

Vanguard's Application Security team operates within the Enterprise Security and Fraud (ES&F) sub-division, which is part of the larger Global Risk & Security (GR&S) organization. The team includes roles such as Senior Application Security Specialists and Application Security Coordinators. The ES&F division is tasked with the global protection of Vanguard crew, property, data, and client assets. While specific headcount is not publicly available, the team utilizes a 'security orchestration' model to integrate tools into development pipelines.

Key Initiatives

  • Current AppSec initiatives at Vanguard include driving maximum scan coverage across all repositories to identify security gaps and orchestrating threat modeling activities across application and infrastructure teams. The team is also focused on aligning threat modeling outcomes with broader enterprise risk registers and ensuring that security assessments meet defined SLAs and quality standards.
  • A key operational initiative is the integration of security tooling directly into CI/CD pipelines to automate the vulnerability management process.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.