Manager, Web Application & Fraud Testing
Locations: Malvern, PA
Time type: Full time
Posted on: Posted 7 Days Ago
Time left to apply: End Date: June 22, 2026 (5 days left to apply)
Job requisition ID: 178962
The Manager - Web Application & Fraud Testing leads a specialized offensive security unit focused on application-layer security assessments and fraud attack simulations. Reporting to the Senior Manager of Offensive Security & Fraud Testing, this leader's mission is to establish and mature Vanguard's fraud testing program, proactively identifying real-world fraud scenarios and control gaps before they result in losses. The role blends deep red team/penetration testing expertise with fraud domain knowledge, using an adversarial mindset to simulate how fraudsters might exploit our web and digital channels. Through threat-led testing (not reactive or audit-driven), the Manager ensures findings drive detection improvements, control remediation, and reduced fraud risk exposure across the enterprise.
Key Responsibilities:
Fraud Testing Program Leadership: Develop and champion the strategic vision for Vanguard's fraud testing program, aligning it with industry frameworks (e.g., FS-ISAC Cyber Fraud Prevention Framework (CFPF), MITRE's fraud tactics frameworks such as Fight Fraud (F3)) and firm-wide risk priorities. Define clear objectives and roadmaps for threat scenario development and testing campaigns that mirror real fraud actor behaviors. Ensure a threat-led, proactive approach - focusing on emergent fraud trends (account takeover, social engineering, identity fraud, payment fraud, etc.) - rather than reactive or compliance-only testing.
Team Management & Development: Lead and mentor a team of ~4-8 Fraud Specialist Offensive Security Analysts dedicated to fraud-focused attack simulation and advanced web application testing. Set performance goals, manage staffing and skill development, and foster a culture of continuous learning and innovation. Guide the team in adopting new fraud TTPs (tactics, techniques, procedures) and tools (e.g., bot frameworks, scenario automation) to keep ahead of evolving fraud methods.
Operational Oversight - Web App & Fraud Scenario Testing: Plan, scope, and oversee complex fraud testing engagements end-to-end. This includes ensuring critical customer-facing web and mobile applications undergo rigorous security testing for vulnerabilities (e.g. injection flaws, authentication weaknesses, session handling, API misconfigurations) as well as business logic abuse. Direct the design of realistic fraud scenarios - e.g., multi-step account takeover chains, transaction manipulation, synthetic identity usage - to stress-test fraud controls and processes. Maintain high ethical and operational standards in testing (legal, privacy, customer safety) while pushing the envelope to simulate advanced fraud threats.
Stakeholder Collaboration & Purple Teaming: Serve as the primary liaison for fraud testing efforts across Fraud Operations, Fraud Intelligence, Detection Engineering, Cyber Defense (Blue Team), Application Security, and Business Product teams. Work closely with these stakeholders to identify high-risk fraud scenarios (leveraging fraud intel and actual incidents) and ensure test plans cover relevant attack vectors. Coordinate Purple Team exercises that bring together offensive fraud testers and defensive owners (e.g., monitoring & fraud analytics teams) to validate detection rules, alert triggers, and response plans in real-time scenarios.
Risk Management & Outcome Integration: Translate test findings into risk insights: Oversee thorough documentation of vulnerabilities, control gaps, and fraud detection weaknesses discovered during testing. Ensure all findings are entered into risk management systems (e.g., risk registers) with appropriate severity and ownership. Work with partner teams to prioritize remediation and close gaps (including scheduling re-testing to validate fixes). Map findings to frameworks like CFPF to communicate which stages of the fraud kill-chain were exploited (Recon, Initial Access, Positioning, Execution, Monetization) and use that mapping to guide targeted control improvements.
Program Metrics & Continuous Improvement: Define key performance indicators for the fraud testing program (e.g., number of fraud scenarios tested, detection gaps identified and resolved, "fraud saved" metrics from improved controls, stakeholder satisfaction). Regularly report on program progress to senior leadership, highlighting how fraud testing has strengthened defenses or uncovered risk. Continuously refine methodologies and tooling - for example, evaluate integrating AI tools or automation for large-scale credential stuffing simulations or anomaly detection. Stay current on emerging fraud threats (new scam methods, shifts in fraudster tactics) and adjust the program to anticipate these trends.
Required Qualifications:
Offensive Security & Fraud Domain Expertise: 8+ years in cybersecurity, with significant experience in detection engineering, red teaming, or adversary simulation (preferably in financial services or similar). Understanding of fraud vectors (account takeover, social engineering, identity fraud, payments fraud, business logic abuse in applications) and how to simulate them. Strong familiarity with relevant frameworks and models (e.g., CFPF, MITRE ATT&CK; knowledge of MITRE's emerging Fight Fraud Framework (F3) is a plus).
Leadership & Program Management: Proven track record (3+ years) leading security teams or programs - e.g., managing a red team, threat simulation team, or similar function. Demonstrated ability to scale a program from concept to maturity: strategic planning, establishing processes, measuring impact with metrics, and iterating based on feedback. Exceptional organizational skills to handle multiple engagements in parallel and ensure quality deliverables on schedule.
Technical Skills (Web & App Security): Strong understanding of web application security (OWASP Top 10, API security, authentication/authorization flows, etc.) and how these may be leveraged in fraud scenarios. Ability to effectively oversee technical testing and validate severity of findings. Comfort with scripting/automation (Python, etc.) to support or guide advanced testing techniques (e.g., automating large-scale credential stuffing tests). Familiarity with fraud tools and data (e.g., user behavior analytics, device fingerprinting, anti-fraud controls) is beneficial.
Stakeholder Engagement & Communication: Excellent cross-functional communication skills. Experience collaborating with non-security teams (fraud/risk, business product owners, customer service, etc.) to drive change. Executive presence to articulate program value and risk insights to senior leadership in clear, business-relevant terms. A track record of building trust and strong partnerships - especially with fraud prevention or risk management teams - through transparency and delivering results.
Education & Certifications: Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience). Graduate degree or specialized fraud training (e.g., Certified Fraud Examiner (CFE)) is a plus. Relevant technical certifications such as OSCP, CRTP/CRTE, CISSP, GIAC or similar demonstrate both offensive technical acumen and security management credibility.
Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.
About Vanguard
At Vanguard, we don't just have a mission - we're on a mission.
To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.
About Us
Vanguard, one of the world's leading investment management companies, serves individual investors, institutions, employer-sponsored retirement plans, and financial professionals. We have a diverse and talented crew with a culture that promotes teamwork, along with an unwavering focus on serving our clients' best interests.