Application Security Engineer

Pay range: USD $40.00 - $60.10 / Hour

Your opportunity

At Schwab, you're empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us "challenge the status quo" and transform the finance industry together.

We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).

We are seeking a motivated and detail-oriented Application Security Analyst to join our application security team. In this role, you will contribute to our organization's security posture by supporting Dynamic Application Security Testing (DAST) efforts and managing API security. You will play an integral part in identifying, triaging, and managing vulnerabilities in web applications and APIs, ensuring our products remain secure and resilient against emerging threats.

Key Responsibilities

• Assist in planning, executing, and managing Dynamic Application Security Testing (DAST) for web applications.
• Review, analyze, and triage vulnerabilities identified through application security testing programs including DAST and API Security as well as through manual testing.
• Collaborate with development teams to validate findings, prioritize remediation efforts, and track resolution of vulnerabilities.
• Maintain accurate documentation of security findings, remediation status, and communications with stakeholders.
• Stay informed about the latest application and application security trends, vulnerabilities, and best practices.
• Contribute to continuous improvement of application security processes and tooling.

• Bachelor's degree in Computer Science, Information Security, or related field,
• Practical understanding of web application architecture and common security vulnerabilities (e.g., OWASP Top 10).
• Familiarity with API technologies (REST, SOAP, GraphQL) and common API security issues.
• Exposure to or interest in using DAST tools (e.g., Burp Suite, OWASP ZAP, WebInspect, WhiteHat) is a plus.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Ability to work collaboratively in a team environment.

• Experience with vulnerability management platforms (e.g., Jira).
• Proficient in scripting (Python, Bash, etc.) for automation purposes.
• Understanding of secure software development practices.
• Certifications such as Security+, CEH, or similar are a plus

• 401(k) with company match and Employee stock purchase plan
• Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
• Paid parental leave and family building benefits
• Tuition reimbursement
• Health, dental, and vision insurance