Senior Security Engineer, Secure Configuration Management - Hybrid
Description:
Position Type: Regular
Your opportunity
At Schwab, you are empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us challenge the status quo and transform the finance industry together.
The Schwab Cybersecurity Services (SCS) organization is a centralized 1st Line of Defense Center of Excellence (COE) that provides security services to advance Schwabs security posture and enhance the protection of Schwabs critical assets. Enterprise Vulnerability Management (EVM) is responsible for Secure Configuration Management and we need a skilled and experienced Senior Engineer to help us translate hardening guidance into practical enforcement. This is an individual contributor role with no direct reports.
The Opportunity
The Enterprise Vulnerability Management (EVM) team is expanding our secure configuration management program. Were looking for a technically strong, solutions-oriented Senior Engineer to help translate hardening guidance into real-world enforcement. In this individual contributor role, youll serve as a subject matter expert for secure configuration implementation across the firms core infrastructure.
Youll be instrumental in bringing our secure baselines to life contributing to automation efforts, enhancing monitoring, and partnering with teams to drive measurable risk reduction. If youre passionate about making secure defaults the norm, wed love to chat.
What youll do:
Translate secure configuration baselines into code using automation tools (e.g., Ansible, Terraform)
Collaborate with infrastructure and security teams to drive consistent baseline implementation and monitoring
Enhance drift detection and alerting capabilities across platforms
Develop scalable enforcement approaches, including self-healing and remediation logic
Serve as a technical advisor on automation strategies related to baseline compliance
Consult on automated approaches to enforce configurations and enable self-healing capabilities using automation platforms
Advocate for scalable security: reduce noise, improve coverage, and automate sanity checks
What you have
Required Qualifications:
7+ years of experience with secure configuration management, including compliance monitoring (e.g., Qualys or equivalent)
Proficiency with scripting or infrastructure-as-code tools (e.g., Python, YAML)
Experience developing Ansible playbooks (YAML) to automate secure configurations
Familiarity with CIS Benchmarks, NIST, DISA STIGS, or vendor-specific hardening guidelines
Solid systems knowledge (Linux, Windows, cloud, or networking preferred)
A clear, thoughtful communication style and a collaborative approach to problem solving
Bachelor's Degree in Computer Science, Engineering, or a related field
Preferred Qualifications:
Security certifications, such as CISSP, CISM, GIAC, or Cloud Security certifications are preferred
Hands on experience administering one or more technology platforms is a plus
In addition to the salary range, this role is also eligible for bonus or incentive opportunities.
Whats in it for you
At Schwab, were committed to empowering our employees personal and professional success. Our purpose-driven, supportive culture, and focus on your development means youll get the tools you need to make a positive difference in the finance industry. Our Hybrid Work and Flexibility approach balances our ongoing commitment to workplace flexibility, serving our clients, and our strong belief in the value of being together in person on a regular basis.
We offer a competitive benefits package that takes care of the whole you both today and in the future:
401(k) with company match and Employee stock purchase plan
Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
Paid parental leave and family building benefits
Tuition reimbursement
Health, dental, and vision insurance
by Jobble