Senior Software Security Engineer

Overview

On Site
USD 145,000.00 - 180,000.00 per year
Full Time

Skills

Creative Problem Solving
Finance
Collaboration
Management
Financial Planning
Computer Engineering
OWASP
Security Controls
SQL
Encryption
Algorithms
Agile
IDE
Threat Modeling
People Skills
Software Security
Analytical Skill
Conflict Resolution
Problem Solving
Apache Struts
Spring Framework
J2EE
Java
.NET
Authentication
Authorization
Service Design
XML
JSON
Ajax
JavaScript
Communication
SOAP
Bitbucket
GitHub
Cyber Security
Web Applications
Penetration Testing
White Hat

Job Details

Your Opportunity

At Schwab, you're empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us "challenge the status quo" and transform the finance industry together.

We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).

Schwab Technology Services enables the future of how clients manage their money by providing innovative and reliable technology products and services as a part of our ongoing commitment to democratize access to investing and financial planning.

Serve as a trusted partner to developers, product owners, and stakeholders, translating company security policies into actionable, non-functional application security controls.
Be a thought leader: drive secure code reviews, identify context-specific vulnerabilities, align teams with security objectives, and eliminate process inefficiencies.
Communicate emerging application security weaknesses, exploit patterns, and risk scenarios in clear, business-relevant terms.
Assist teams in mitigation and remediation efforts while operating within agile delivery environments.
Apply insight and initiative to raise the standard of secure development and streamline the path from policy to implementation.

What you have

Required Qualifications

o Bachelor's degree in computer engineering OR related engineering degree and/or practical experience
o Ability to demonstrate knowledge of OWASP Top 10 and CWE Top 25
o Knowledge of application-layer security controls, including authentication and authorization methods, input/output validation and sanitization, and defenses against injection attacks such as SQL or command injection
o Understanding of secure cryptographic practices, including appropriate use of encryption algorithms, hashing functions, and protection of data at rest and in motion
o Secure coding in Java or .NET web and service development, backed by 7+ years of practical, hands-on programming and IT experience
o Experience participating as a member of a team in an agile environment
o Experience with the Secure Development Lifecycle
o Experience with security tools including SAST, DAST, IDE plugins, decompilers, and threat modeling platforms

Advanced people skills:
o Ability to conceptualize an application security finding and the best tactical approach for a team to remediate
o Excellent communication skills and proven ability to communicate threats and facilitate progress towards long-term remediation
o Ability to effectively communicate complex security findings to both technical and non-technical audiences
o Ability to demonstrate proven analytical and problem-solving skills, as well as a desire to assist others
o Effective relationship builder: ability to partner cross-functionally, cross-enterprise and work effectively with various levels of the organization

Preferred Qualifications
  • Experience with enterprise platforms such as Struts, Spring, J2EE/Jakarta EE (Java) or .NET, with awareness of how their structure impacts authentication, authorization, and secure service design
  • Intermediate understanding of web technologies and data formats, including XML, JSON, AJAX, with attention to the security implications of JavaScript-driven UIs and asynchronous communication
  • Familiarity with service protocols and architectures such as SOAP and REST, with working knowledge of secure data handling and integration patterns
  • Experience with source code repository tools such as Bitbucket and GitHub
  • Master's degree in Cybersecurity a plus
  • Web application penetration testing, ethical hacking, red/blue teaming, or capture-the-flag experience a plus

In addition to the salary range, this role is also eligible for bonus or incentive opportunities.