
Sr Specialist - Security Analytics & Operations

Hyderabad, Telangana
Requisition ID 2026-122926 Category Technology Position type Regular

Your opportunity


At Charles Schwab, our purpose is simple: we champion client’s goals with passion and integrity. Guided by honesty, mutual respect and a commitment to doing what’s right, we bring innovation, education, and service together to help shape financial futures. Our people are the foundation of our success – they approach their work with curiosity and collaboration, coming together to create solutions that make a meaningful impact for clients and communities. As we expand into India, we are bringing this same culture of inclusion, learning, and opportunity to new talent. Joining us means becoming part of a global team where your work matters and your future can take shape.

Our Hyderabad location is central to Schwab’s growth, bringing together talented people and technology to drive innovation, scale and efficiency. Here, you will work alongside teams who create solutions that support millions of clients every day. The work you do is more than daily operations – it’s a chance to experiment, learn, and build within a values-driven, supportive environment. This is a unique opportunity to be part of our early growth phase and shape something new, backed by the stability and strength of a Fortune 500 company. Your impact begins on day one, and your contributions will help define our future in the region.

The Senior SOC Specialist is an experienced security analyst operating at Tier 2/3, responsible for handling complex or escalated incidents and leading advanced detection and response efforts. As a subject-matter expert in the SOC, the Senior Analyst conducts in-depth investigations and tunes detection systems to improve the SOC’s effectiveness. In a financial industry SOC, Senior Analysts play a critical role in ensuring that sophisticated cyber attacks – especially those targeting sensitive financial data, customer information, or transactions – are identified, investigated, and contained swiftly. They also act as mentors for junior analysts, sharing knowledge and providing guidance to elevate the skills and performance of the entire team.

Key Responsibilities:

  • Incident Investigation & Response: Lead in-depth investigations of security incidents. Analyze compromised systems and networks to determine root cause, scope, and impact. Perform host- and network-based digital forensics, examining logs, system images, and other evidence to understand attack vectors and methods. Drive timely containment, eradication of threats, and recovery of affected systems.
  • Detection Tuning & Content Development: Refine and develop detection mechanisms to improve the SOC’s alert fidelity. Write and adjust SIEM correlation rules, alerts, and use cases to reduce false positives and ensure emerging threats are detected. Work with security engineers to fine-tune EDR and IDS/IPS signatures and to integrate new threat intelligence into monitoring tools.
  • Incident Reporting: Document and report on incident findings and response actions in detail. Produce post-incident reports that summarize the attack timeline, techniques used, impact on systems/data, and remediation steps taken. Provide recommendations for future prevention and control improvements.
  • Mentorship and Training: Guide and support junior SOC analysts (Tier 1) by reviewing their incident reports, offering feedback, and providing technical direction during investigations. Help develop training materials or lead workshops on new threats, tools, or investigative techniques. This ensures knowledge transfer and continuous improvement of the team’s capabilities.
  • Cross-Team Collaboration: Coordinate with other teams such as Threat Intelligence, Vulnerability Management, or IT Operations when investigating incidents. For example, work with vulnerability management to verify if newly disclosed exploits (e.g., affecting financial systems) are relevant to the organization’s environment, or collaborate with IT teams on remediation and patching.

What you have


Required Qualifications:

  • Experience: Typically 3–6 years of experience in cybersecurity operations or incident response. A track record of investigating a variety of security incidents and familiarity with SOC processes and incident response lifecycle is expected. Prior experience in the financial sector or another highly regulated industry is advantageous due to understanding of compliance and advanced threat scenarios.
  • Technical Expertise: Proficiency with security monitoring and investigation tools. Strong hands-on experience using a SIEM (creating complex queries, interpreting correlations) and EDR solutions to analyze incidents. Ability to perform deep packet inspection with network analysis tools (e.g., Wireshark) and experience with forensic techniques (memory or disk analysis). Solid understanding of malware behavior, lateral movement, data exfiltration methods, and other adversary tactics.
  • Threat Knowledge: Strong knowledge of adversary tactics, techniques, and procedures as documented in frameworks like MITRE ATT&CK. Able to map observed behavior to known tactics and recommend detection or mitigation strategies. Up-to-date on current cyber threats targeting financial institutions (such as phishing campaigns, ransomware, banking trojans, insider threats, etc.).
  • Certifications: One or more advanced cybersecurity certifications are expected as evidence of expertise. Examples: GIAC certifications like GCIH (Incident Handler) or GCIA (Intrusion Analyst), GCFA (Forensic Analyst) for digital forensics, or GREM (Reverse Engineering Malware) for malware analysis. CompTIA CySA+ or CASP+, OSCP, or similar certifications are also beneficial. These demonstrate hands-on skills in incident handling, intrusion analysis, and threat hunting.
  • Communication & Reporting: Excellent written and verbal communication skills to document complex technical findings clearly and to brief non-technical stakeholders or management during and after security incidents.

Preferred Qualifications:

  • Scripting & Automation: Proficiency in scripting or light programming (Python, PowerShell, bash, etc.) to automate SOC processes, parse large data sets, or develop custom detection rules. Experience creating scripts to expedite tasks (log parsing, data enrichment, etc.) is highly valued.
  • Cloud Security Experience: Familiarity with security monitoring in cloud environments (AWS, Azure, GCP) and analyzing cloud service logs. Experience investigating incidents in cloud-based systems or using cloud-native security tools is a plus, as financial institutions increasingly utilize cloud infrastructure.
  • Industry-Specific Knowledge: Prior employment in a financial services SOC or other regulated industry (e.g., banking, insurance) is beneficial. Knowledge of relevant compliance standards (like PCI-DSS for payment data security, GLBA for financial privacy) can help in understanding the context of security operations requirements in finance.
  • Additional Certifications: Management or leadership-oriented certifications such as CISSP (Certified Information Systems Security Professional) or vendor-specific certifications (like AWS Certified Security Specialty) can be advantageous, indicating a broad understanding of security program management or specialized technical domains.

What’s in it for you

At Schwab India, you’re empowered to shape your future. We support your growth through meaningful work, continuous learning, and a culture rooted in trust and collaboration – so you can build the skills to make a lasting impact. Our benefits are designed to care for your wellbeing, your family, and your long-term financial security.

Our base benefits, wellbeing, and total rewards include:

  • Competitive compensation and retirement programs including Employee Provident Fund (EPF), Gratuity, and optional National Pension System (NPS) contributions
  • Robust Paid Time Off, including annual/privilege leave, sick and casual leave, public holidays, maternity/paternity leave, and more
  • Education assistance for continued learning to help you grow
  • Comprehensive medical insurance with Outpatient Department (OPD) services, including vaccination, pharmacy, dental, and vision coverage
  • Annual reimbursement for health check-ups and mental health support through our Employee Assistance Program (EAP)
  • Childcare (creche) reimbursement for eligible employees
  • Transportation and meal benefits that support your day-to-day work
  • Group life, personal accident, and critical illness insurance