Senior Security Engineer, Secure Configuration Management

Your opportunity

At Schwab, you are empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together. 

The Schwab Cybersecurity Services (SCS) organization is a centralized 1st Line of Defense Center of Excellence (COE) that provides security services to advance Schwab’s security posture and enhance the protection of Schwab’s critical assets. Enterprise Vulnerability Management (EVM) is responsible for Secure Configuration Management – and we need a skilled and experienced Senior Engineer to help us translate hardening guidance into practical enforcement. This is an individual contributor role with no direct reports. 

The Opportunity

The Enterprise Vulnerability Management (EVM) team is expanding our secure configuration management program. We’re looking for a technically strong, solutions-oriented Senior Engineer to help translate hardening guidance into real-world enforcement. In this individual contributor role, you’ll serve as a subject matter expert for secure configuration implementation across the firm’s core infrastructure.  

You’ll be instrumental in bringing our secure baselines to life – contributing to automation efforts, enhancing monitoring, and partnering with teams to drive measurable risk reduction. If you’re passionate about making secure defaults the norm, we’d love to chat.  

What you’ll do: 

• Translate secure configuration baselines into code using automation tools (e.g., Ansible, Terraform)  

• Collaborate with infrastructure and security teams to drive consistent baseline implementation and monitoring  

• Enhance drift detection and alerting capabilities across platforms  

• Develop scalable enforcement approaches, including self-healing and remediation logic  

• Serve as a technical advisor on automation strategies related to baseline compliance  

• Consult on automated approaches to enforce configurations and enable self-healing capabilities using automation platforms 

• Advocate for scalable security: reduce noise, improve coverage, and automate sanity checks  

What you have

Required Qualifications: 

• 7+ years of experience with secure configuration management, including compliance monitoring (e.g., Qualys or equivalent)  

• Proficiency with scripting or infrastructure-as-code tools (e.g., Python, YAML)  

• Experience developing Ansible playbooks (YAML) to automate secure configurations  

• Familiarity with CIS Benchmarks, NIST, DISA STIGS, or vendor-specific hardening guidelines  

• Solid systems knowledge (Linux, Windows, cloud, or networking preferred)  

• A clear, thoughtful communication style and a collaborative approach to problem solving 
• Bachelor's Degree in Computer Science, Engineering, or a related field

Preferred Qualifications:

• Security certifications, such as CISSP, CISM, GIAC, or Cloud Security certifications are preferred 

• Hands on experience administering one or more technology platforms is a plus 

In addition to the salary range, this role is also eligible for bonus or incentive opportunities.