Offensive Security Engineer (Remote)

Your Opportunity

At Schwab, you're empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us "challenge the status quo" and transform the finance industry together.

We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).

Schwab Technology Services enables the future of how clients manage their money by providing innovative and reliable technology products and services as part of our ongoing commitment to democratize access to investing and financial planning.

The Offensive Security Engineer scopes, designs and executes controlled cybersecurity offensive operations, penetration tests and threat adversary emulation exercises to identify vulnerabilities and risks, evaluate the effectiveness of security controls and the incident response process. The Offensive Security Engineer documents any identified risks, translates technical findings into clear, actionable recommendations and works with stakeholders to identify appropriate mitigating controls to manage any outstanding risk. The Offensive Security Engineer works closely with counterparts in defensive teams to improve threat detection and response and engineering teams to mitigate risk before it's introduced into the environment.

- Scope, develop and execute penetration tests, purple team assessments and red team exercises.

- Design and develop tools, infrastructure and exploits in support of red team operations.

- Research and implement assessments based on emerging threats, threat intelligence, and vulnerabilities.

- Identify gaps in threat detection, Prevention and response.

- Work collaboratively with counterparts in Cyber Defense roles to enhance the firms security posture.

- Effectively communicate vulnerabilities, risks and technical findings to stakeholders and work with stakeholders to recommend and validate mitigating controls.

What you have

Required Qualifications

- 5+ years of experience in offensive security, penetration testing or red team role.

- Experience with common red team adversary emulation tooling and C2 frameworks.

- Advanced knowledge of the tools, tactics, procedures and counter measures.

- Experience researching emerging threats and TTP's, developing complementary assessments, and executing those assessments to understand and manage risk and develop appropriate counter measures.

- Experience evaluating, reporting and communicating risk at both the technical level (ATT&CK/STRIDE/DREAD) and at an audience appropriate level with stakeholders across the firm.

- Experience working with cross-discipline project teams to advance security within the firm.

- In-depth experience with one or more of the following cybersecurity disciplines: Endpoint Penetration testing with a focus on bypassing modern EDR controls (across Windows, Mac and Linux), Exploit & Malware Development, Web Application Penetration Testing, Cloud Penetration Testing, AI Red Teaming, and Assessing digital assets and cryptocurrency solutions.

Preferred Qualifications

- One or more of the following security certifications preferred: Offensive Security Certified Professional OSCP, GIAC Penetration Tester GPEN, GXPN Offensive Security Certified Professional or similar security certification(s).

- BS in Computer Science or equivalent degree/experience desired.

- Operational blue team experience.