Application Security Pentester, Specialist

Leads and executes security assessments to identify, validate, and communicate security risks. Performs manual and automated penetration testing, conducts additional security assessments such as Secure Code Reviews and Dynamic Application Security Testing (DAST), and produces clear, actional reports for technical teams and leadership. Partners with IT and business stakeholders to assess risk, support remediation, and improve the organization's overall security posture. Core Responsibilities Leads and executes penetration tests across a variety of technologies, including web applications, APIs, and AI-enabled systems. Performs manual and automated testing to identify, exploit, and validate vulnerabilities. Conducts other security assessments as needed, including Secure Code Reviews and/or Dynamic Application Security Testing (DAST). Develops detailed assessment reports and presents findings to technical teams and leadership. Coordinates security risk reporting and collaborates with IT sub-divisions, third-party partners, and business units to identify the impact of technology implementations on IT and business operations. Contributes to the evolution of team processes, testing methodologies, standards, and best practices. Maintains subject-matter expertise in common vulnerability classes and attack techniques (e.g., OWASP Top 10, OWASP Top 10 API, SANS Top 25), and remains familiar with relevant security frameworks (e.g., MITRE ATT&CK). Stays current on emerging threats, tools, and offensive security techniques. Participates in special projects and performs other duties as assigned. Qualifications Minimum five years related work experience with three years experience in IT security or application development. Undergraduate degree in related field or equivalent combination of training and experience. Hands-on experience performing web application, API, and network penetration testing. Preferred experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tooling. Experience in on or more of the following a plus: cloud penetration testing, mobile penetration testing, AI red teaming Proficiency in at least one programming or scripting language (e.g., Python, Java). Preferred security certifications such as OffSec Certified Professional (OSCP), OffSec Web Assessor (OSWA), OffSec Web Expert (OSWE), GIAC Penetration Tester (GPEN), or GIAC Web Application Penetration Tester (GWAPT). Special Factors Sponsorship Vanguard is not offering visa sponsorship for this position. About Vanguard At Vanguard, we don't just have a mission—we're on a mission. To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best. How We Work Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience. Vanguard, one of the world's leading investment management companies, serves individual investors, institutions, employer-sponsored retirement plans, and financial professionals. We have a diverse and talented crew with a culture that promotes teamwork, along with an unwavering focus on serving our clients' best interests. This website uses "cookies" to distinguish you from other users. A cookie is a small file of letters and numbers placed on your computer or device. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site and services. The cookies are stored locally on your computer or mobile device. To accept cookies you can continue browsing as normal. Or you can go to our Privacy Policy to read more information and learn how to change your preferences.