Jobs · Information Technology · North Carolina

Software Supply Chain Security Specialist

Vanguard · Charlotte, NC · 1 wk ago
HybridInformation TechnologyFull-time

About the role

The Software Supply Chain Security Specialist is responsible for defining and owning enterprise software supply chain security strategy, roadmap, and governance. This includes establishing policies and guardrails for SBOM, artifact signing, provenance, and dependency usage. The role involves embedding security controls across the Software Development Lifecycle (SDLC), Continuous Integration/Continuous Deployment (CI/CD) pipelines, and artifact repositories. Responsibilities also include implementing and enforcing SBOM generation, validation, and artifact integrity controls, collaborating with stakeholders to manage risk-based vulnerability management for open-source and third-party components, and owning tooling strategy for software composition analysis (SCA), container scanning, and supply chain security automation.

Responsibilities

  • Define and own enterprise software supply chain security strategy, roadmap, and governance
  • Establish policies and guardrails for SBOM, artifact signing, provenance, and dependency usage
  • Embed security controls across SDLC, CI/CD pipelines, and artifact repositories
  • Implement and enforce SBOM generation, validation, and artifact integrity controls
  • Collaborate with stakeholders and lead risk-based vulnerability management for open-source and third-party components
  • Collaborate with stakeholders and define remediation workflows, SLAs, and exception handling for supply chain risks
  • Own tooling strategy for SCA, container scanning, and supply chain security automation
  • Integrate and optimize security tooling within CI/CD for scalable enforcement
  • Maintain inventory and visibility of dependencies, SBOMs, and third-/fourth-party exposure
  • Partner with AppSec, DevSecOps, and platform teams to drive secure development adoption
  • Enable developers via playbooks, guardrails, and self-service secure consumption patterns
  • Define metrics and report on supply chain risk posture, remediation effectiveness, and maturity

Qualifications

  • A minimum of five years related work experience
  • An undergraduate degree or equivalent combination of training and experience, with a graduate degree preferred
  • Seven to ten years in AppSec, DevSecOps, or platform security
  • Hands-on experience with SCA and pipeline security
  • Prior certifications preferred (CISSP, CSSLP, AAISM or equivalent)
  • Programming/scripting skills in Python, Java, or YAML

Similar jobs