Pay range: USD $135,000.00 - $185,000.00 / Year
Your opportunity
At Schwab, you are empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us "challenge the status quo" and transform the finance industry together.
The Schwab Cybersecurity Services (SCS) organization is a centralized 1st Line of Defense Center of Excellence (COE) that provides security services to advance Schwab's security posture and enhance the protection of Schwab's critical assets. Enterprise Vulnerability Management (EVM) is responsible for Secure Configuration Management - and we need a skilled and experienced Senior Engineer to help us translate hardening guidance into practical enforcement. This is an individual contributor role with no direct reports.
Want more jobs like this?
Get jobs in Phoenix, AZ delivered to your inbox every week.
The Opportunity
The Enterprise Vulnerability Management (EVM) team is expanding our secure configuration management program. We're looking for a technically strong, solutions-oriented Senior Engineer to help translate hardening guidance into real-world enforcement. In this individual contributor role, you'll serve as a subject matter expert for secure configuration implementation across the firm's core infrastructure.
You'll be instrumental in bringing our secure baselines to life - contributing to automation efforts, enhancing monitoring, and partnering with teams to drive measurable risk reduction. If you're passionate about making secure defaults the norm, we'd love to chat.
What you'll do:
- Translate secure configuration baselines into code using automation tools (e.g., Ansible, Terraform)
- Collaborate with infrastructure and security teams to drive consistent baseline implementation and monitoring
- Enhance drift detection and alerting capabilities across platforms
- Develop scalable enforcement approaches, including self-healing and remediation logic
- Serve as a technical advisor on automation strategies related to baseline compliance
- Consult on automated approaches to enforce configurations and enable self-healing capabilities using automation platforms
- Advocate for scalable security: reduce noise, improve coverage, and automate sanity checks
What you have
Required Qualifications:
- 7+ years of experience with secure configuration management, including compliance monitoring (e.g., Qualys or equivalent)
- Proficiency with scripting or infrastructure-as-code tools (e.g., Python, YAML)
- Experience developing Ansible playbooks (YAML) to automate secure configurations
- Familiarity with CIS Benchmarks, NIST, DISA STIGS, or vendor-specific hardening guidelines
- Solid systems knowledge (Linux, Windows, cloud, or networking preferred)
- A clear, thoughtful communication style and a collaborative approach to problem solving
- Bachelor's Degree in Computer Science, Engineering, or a related field
Preferred Qualifications:
- Security certifications, such as CISSP, CISM, GIAC, or Cloud Security certifications are preferred
- Hands on experience administering one or more technology platforms is a plus
In addition to the salary range, this role is also eligible for bonus or incentive opportunities.
What's in it for you
At Schwab, we're committed to empowering our employees' personal and professional success. Our purpose-driven, supportive culture, and focus on your development means you'll get the tools you need to make a positive difference in the finance industry. Our Hybrid Work and Flexibility approach balances our ongoing commitment to workplace flexibility, serving our clients, and our strong belief in the value of being together in person on a regular basis.
We offer a competitive benefits package that takes care of the whole you - both today and in the future:
- 401(k) with company match and Employee stock purchase plan
- Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
- Paid parental leave and family building benefits
- Tuition reimbursement
- Health, dental, and vision insurance