Jobs · Information Technology · Texas

Software Supply Chain Security Specialist

Vanguard · Dallas, TX · 5 days ago
HybridInformation TechnologyFull-time

About the role

The Software Supply Chain Security Specialist is responsible for defining and owning enterprise software supply chain security strategy, roadmap, and governance. This includes establishing policies and guardrails for Software Bill of Materials (SBOM), artifact signing, provenance, and dependency usage. The role requires embedding security controls across the Software Development Life Cycle (SDLC), Continuous Integration/Continuous Deployment (CI/CD) pipelines, and artifact repositories. Responsibilities also involve implementing and enforcing SBOM generation, validation, and artifact integrity controls, collaborating with stakeholders to manage risk-based vulnerability management for open-source and third-party components, and defining remediation workflows, Service Level Agreements (SLAs), and exception handling for supply chain risks.

Responsibilities

  • Define and own enterprise software supply chain security strategy, roadmap, and governance
  • Establish policies and guardrails for SBOM, artifact signing, provenance, and dependency usage
  • Embed security controls across SDLC, CI/CD pipelines, and artifact repositories
  • Implement and enforce SBOM generation, validation, and artifact integrity controls
  • Collaborate with stakeholders and lead risk-based vulnerability management for open-source and third-party components
  • Collaborate with stakeholders and define remediation workflows, SLAs, and exception handling for supply chain risks
  • Own tooling strategy for SCA, container scanning, and supply chain security automation
  • Integrate and optimize security tooling within CI/CD for scalable enforcement
  • Maintain inventory and visibility of dependencies, SBOMs, and third-/fourth-party exposure
  • Partner with AppSec, DevSecOps, and platform teams to drive secure development adoption
  • Enable developers via playbooks, guardrails, and self-service secure consumption patterns
  • Define metrics and report on supply chain risk posture, remediation effectiveness, and maturity

Qualifications

  • Minimum of five years related work experience
  • Undergraduate degree or equivalent combination of training and experience, with a graduate degree preferred
  • Seven to ten years in AppSec, DevSecOps, or platform security
  • Hands-on experience with Software Composition Analysis (SCA) and pipeline security
  • Prior certifications preferred (CISSP, CSSLP, AAISM or equivalent)
  • Programming/scripting skills in Python, Java, or YAML

Nice-to-Have

  • Experience with AI/ML pipeline security
  • Exposure to AIBOM or advanced SBOM evolution
  • Knowledge of zero-trust supply chain models

Similar jobs