Application Security Coordinator - Threat Modeling

The Threat Modeling Application Security Coordinator orchestrates and facilitates threat modeling activities across application and infrastructure teams. This role serves as the central coordination point for intake, planning, and execution of threat modeling exercises and related security reviews, ensuring a consistent, timely, and high-quality experience. Partnering closely with engineers, architects, product owners, and cybersecurity specialists, the Threat Modeling team helps teams understand their attack surface, analyze potential threats, and prioritize mitigations early in the development lifecycle to strengthen overall security posture. Acting as the central assessment orchestration function, the specialist manages assessment intake, prioritization, scheduling, documentation, execution tracking, and reporting. The role blends cybersecurity risk management expertise with strong program and project management discipline, leveraging Agile and Scrum based practices to meet defined SLAs, quality standards, and reporting expectations. By combining strong cross-functional, stakeholder management, and planning skills, this role enables the threat modeling team to drive a consistent “security by design” approach across the portfolio. This Hybrid Role (in office Tues Wed Thurs) is based in Charlotte, NC, Dallas, TX, or Malvern, PA (HQ)

Responsibilities:

Threat Modeling & Secure Design Coordination

• Provide programmatic support and coordination for application and infrastructure security assessments.
• Own and manage the threat modeling engagement from intake through final reporting and closure.
• Coordinate workshop scheduling across multiple concurrent engagements, balancing priorities, dependencies, and resource availability.
• Partner with application teams, infrastructure owners, and product stakeholders to gather pre workshop information, technical documentation, architecture diagrams, and required artifacts.
• Ensure threat modeling workshop scope, assumptions, and prerequisites are clearly defined and validated prior to execution.

2.Stakeholder Engagement & Partnership

• Serve as the primary coordination point between cybersecurity, engineering, architecture, and product stakeholders for threat modeling and secure design activities.
• Build strong relationships with development and infrastructure teams to promote early engagement with security and “shift‑left” practices.
• Clearly communicate expectations, timelines, and outcomes to both technical and non‑technical audiences.
• Escalate risks, delays, or blockers to appropriate leaders in a timely, structured manner.

Documentation, Tracking & Reporting

• Ensure threat modeling sessions and outcomes are accurately documented, including identified threats, assumptions, mitigations, and residual risks.
• Maintain high‑quality records in designated tools and repositories, ensuring traceability from threats to corresponding controls or backlog items.
• Support audit‑ready documentation and evidence requirements related to application and infrastructure security design.
• Produce regular reporting on volume, throughput, cycle times, and themes emerging from threat modeling activities.

Risk & Vulnerability Alignment

• Coordinate with vulnerability management and risk teams to align threat modeling outcomes with broader risk registers, remediation workflows, and standards.
• Ensure that critical threats and design weaknesses are properly logged, tracked, and dispositioned through established risk processes.
• Support remediation follow‑up by partnering with technology owners to monitor progress on agreed mitigations.

Agile Ways of Working & Coordination

• Apply program and project management best practices to manage complex, multi workstream assessment activities.
• Maintain assessment roadmaps, intake queues, and execution plans aligned to business and technology priorities.
• Leverage Agile and Scrum style practices where appropriate, including backlog management, sprint planning, stand ups, retrospectives, and dependency tracking.
• Act as a servant‑leader / facilitator for security‑focused work, removing impediments and enabling smooth execution across teams.
• Contribute to the refinement of threat modeling playbooks, templates, and checklists to drive consistency and ease of use.

Education & Experience:

Bachelor’s degree in Information Security, Information Technology, Risk Management, or a related field (or equivalent experience).

Experience (typically 5+ years) in application security, cybersecurity, IT risk management, software engineering, or technology program coordination.

Demonstrated experience coordinating or facilitating security activities such as threat modeling, security architecture reviews, or application/infrastructure security assessments in large, regulated, or complex environments.

Strong understanding of cybersecurity risk concepts (e.g., vulnerability, risk, threat, attack surface, mitigation)

Understanding of software development lifecycles (Agile, DevOps, CI/CD)

Preferred Qualifications:

Familiarity with structured threat modeling approaches and tools (e.g., STRIDE‑style analysis, attack trees, or similar methodologies).

Familiarity with security and risk frameworks such as NIST CSF, NIST 800‑53, ISO 27001, or CIS Controls.

Program or project management certifications (PMP, PgMP, PRINCE2) or Agile/Scrum certifications (CSM, SAFe, PMI ACP).

Familiarity with vulnerability management, remediation tracking, and risk acceptance processes.

Experience supporting metrics, dashboards, and SLA driven operational reporting.

Key Skills & Competencies

Project Management: Planning, prioritization, dependency management, and delivery execution.

Agile / Scrum Facilitation: Backlog management, impediment removal, team coordination.

Stakeholder Management: Ability to influence without authority across security, IT, and business teams.

Operational Rigor: Attention to detail, documentation quality, and audit readiness.

Communication: Clear, concise communication of technical risk information to varied audiences.

Process Improvement: Continuous improvement mindset with the ability to standardize and scale operations.

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.