Endpoint Cloud Security Engineer
Your Opportunity
Your opportunity
At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.
We believe in the importance of in‑office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).
We are seeking a highly skilled, advisory‑focused Senior Endpoint Security Engineer with deep expertise in cloud workload security. In this role, you will serve as a subject matter expert, providing guidance, reviews, and approvals for endpoint detection and response (EDR) and cloud workload security across AWS and GCP. This is not a hands‑on implementation role; instead, you will influence design, evaluate risk, ensure standards compliance, and represent security interests in engineering and architecture conversations.
What you’ll be responsible for:
Cloud Endpoint Security Governance & Advisory
- Provide expert guidance on EDR strategy, standards, and policy expectations for AWS and GCP workloads.
- Review and advise on EDR policy changes proposed by engineering teams to ensure alignment with Schwab’s security controls and regulatory requirements.
- Interpret detection, prevention, and tuning requests and provide recommendations grounded in cloud workload behavior and threat models.
EDR Agent Coverage & Cloud Compute Security Oversight
- Define expectations for cloud unit-level EDR deployment and telemetry coverage across AWS and GCP compute platforms (EC2, GCE, containers, serverless).
- Review engineering teams’ implementation plans and identify gaps, risks, or deviations from required controls.
- Influence platform teams to incorporate endpoint protections into compute and container service baselines.
Cloud Workload Security Risk Reviews
- Lead security risk assessments for cloud workloads, architectural changes, and new services.
- Evaluate risk findings for completeness, severity, and alignment with enterprise standards.
- Provide risk‑based recommendations and escalate residual risk where appropriate.
Security Architecture Review & Approval
- Conduct architecture and design reviews for AWS and GCP workloads.
- Validate adherence to security principles, including identity and access models, segmentation, encryption, secrets management, runtime security, and logging.
- Provide advisory approval or required changes for workloads moving through governance processes.
Compute & Container Platform Advisory
- Review platform‑level architectures for services such as EKS, GKE, ECS, Cloud Run, Lambda, and GCE.
- Recommend improvements to platform controls including image governance, pipeline security, workload identity, configuration hygiene, and runtime telemetry.
- Serve as a trusted advisor to platform owners for roadmap planning and major design initiatives.
Security Representation in Cross‑Functional Working Groups
- Represent the Security Engineering perspective in cloud governance, DevSecOps forums, architecture review boards, and engineering collaboration groups.
- Advocate for secure architecture decisions while balancing operational requirements and business goals.
- Communicate complex security considerations to technical and non‑technical stakeholders with clarity and influence.
What you have
Required Qualifications
- Bachelor’s degree in computer science or a related field.
- 7+ years of progressive cybersecurity engineering experience.
- Minimum 3 years of experience advising or engineering endpoint security controls in public cloud environments (AWS or GCP required).
- At least 3 years of technical experience with AWS, Azure, or GCP cloud services.
- Experience with cloud‑native security tools such as Wiz, Prisma, or Zscaler.
- Proficiency in at least one automation or scripting language (Python, Bash, PowerShell, Golang).
- Familiarity with DevSecOps practices, CI/CD tooling, and infrastructure-as-code concepts (Terraform, Ansible, Salt, etc.).
- Strong understanding of cloud architecture patterns, workload risk drivers, and security control design.
- Experience supporting or advising on security in a highly regulated industry, ideally financial services.
- Experience with mission‑critical, 24x7 environments.
Preferred Qualifications
- Relevant cybersecurity certifications such as CISSP, CCSP, CCSK, or cloud provider security certifications.
- Understanding of cloud provider services across compute, storage, database, AI/ML, and middleware.
- Demonstrated ability to stay current with emerging threats, vulnerabilities, and cloud security technologies.
- Excellent communication skills with the ability to articulate complex technical concepts to engineers and leadership.
What’s in it for you
At Schwab, you’re empowered to shape your future. We champion your growth through meaningful work, continuous learning, and a culture of trust and collaboration—so you can build the skills to make a lasting impact. Our Hybrid Work and Flexibility approach balances our ongoing commitment to workplace flexibility, serving our clients, and our strong belief in the value of being together in person on a regular basis.
We offer a competitive benefits package that takes care of the whole you – both today and in the future:
- 401(k) with company match and Employee stock purchase plan
- Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
- Paid parental leave and family building benefits
- Tuition reimbursement
- Health, dental, and vision insurance
What you are good at
What you have
Required Qualifications
- Bachelor’s degree in computer science or a related field.
- 7+ years of progressive cybersecurity engineering experience.
- Minimum 3 years of experience advising or engineering endpoint security controls in public cloud environments (AWS or GCP required).
- At least 3 years of technical experience with AWS, Azure, or GCP cloud services.
- Experience with cloud‑native security tools such as Wiz, Prisma, or Zscaler.
- Proficiency in at least one automation or scripting language (Python, Bash, PowerShell, Golang).
- Familiarity with DevSecOps practices, CI/CD tooling, and infrastructure-as-code concepts (Terraform, Ansible, Salt, etc.).
- Strong understanding of cloud architecture patterns, workload risk drivers, and security control design.
- Experience supporting or advising on security in a highly regulated industry, ideally financial services.
- Experience with mission‑critical, 24x7 environments.
Preferred Qualifications
- Relevant cybersecurity certifications such as CISSP, CCSP, CCSK, or cloud provider security certifications.
- Understanding of cloud provider services across compute, storage, database, AI/ML, and middleware.
- Demonstrated ability to stay current with emerging threats, vulnerabilities, and cloud security technologies.
- Excellent communication skills with the ability to articulate complex technical concepts to engineers and leadership.
Why Schwab?
At Schwab, “Own Your Tomorrow” embodies everything we do! We are committed to helping our employees unleash their potential and achieve their dreams. Our employees get to play a central role in disrupting a multi-trillion-dollar industry, creating a better, more modern way to build and manage wealth. We’re a modern financial services firm that stands apart from the industry, where you can go as far as your ambition takes you.
Hear from employees: What’s it like to work at Schwab!
The benefits of working at Schwab : a package designed to empower your health, wealth, career and life. Schwab is committed to building a diverse and inclusive workplace where everyone feels valued.
As an equal employment opportunity employer, our policy is to provide equal employment opportunities to all employees and applicants without regard to any status that is protected by law. (Please click here to see policy.)
Schwab is also an affirmative action employer, focused on advancing women, minorities, veterans, and individuals with disabilities in the workplace. We believe diversity and inclusion are part of our success as a company and our purpose of serving every client with passion and integrity.