Penetration Tester - Remote

Your Opportunity

Our mission within Corporate Risk Management (CRM) is to execute an independent and coordinated risk management program that supports delivery of predictable long-term financial and operational performance to produce successful client and shareholder outcomes. In CRM’s Technology Risk Management (TRM) organization, we support CRM’s mission by managing information and technology risks to protect client assets, client information and firm assets.

Our Threat Management & Penetration Testing (TMPT) team is seeking a penetration tester in the second line of defense model who will help strengthen the Technology Risk Management program by conducting and overseeing various penetration testing activities. This is a small team making a big impact as they are essentially “hacking” Schwab on a regular basis to prevent outside risk. By conducting infrastructure, network, wireless, IoT, application and mobile penetration tests along with social-engineering tests this individual will be a key player in keeping the firm and our clients safe from hackers.

What you have **

Required Qualifications**

• 5-10 years of experience in information security
• 5+ years of penetration testing experience
• Flexibility to work after market hours (7:00pm – 7:00am EST) for specific tests
• Experience running a variety of penetration testing tools, performing manual testing, validating test results, identifying root cause, analyzing vulnerabilities, and helping develop platform-specific remediation plans
• Experience with multiple Operating Systems such as Windows, Linux, Mac OSX, iOS, and Android
• Experience with scripting languages

Preferred Qualifications

• Knowledge of adversarial activity in order to replicate similar tactics, techniques, and procedures (TTPs) during internal and external security assessments.
• Familiarity with cybersecurity concepts, OWASP Top-10, and top SANS vulnerabilities
• Understanding of networking, applications, coding, penetration testing, exploit development, and threat modeling
• Ability to assess and effectively communicate the operational, technical, and financial impact of findings and control issues to executive and business leadership, using language that is relevant to and understandable by the business
• One or more of the following security certifications preferred: Offensive Security Certified Professional (OSCP); Offensive Security Web Expert (OSWE); GIAC Penetration Tester (GPEN); GIAC Web Application Penetration Tester (GWAPT) eLearnSecurity Certified Penetration Tester eXtreme (eCPTX); eLearnSecurity Web application Penetration Tester (eWPT); Certified Information Systems Security Professional (CISSP)
• Driven with a hunger to learn
• A passion for problem solving
• Ability to work well with others and contribute to the advancement of the team

What’s in it for you

At Schwab, we’re committed to empowering our employees’ personal and professional success. Our purpose-driven, supportive culture, and focus on your development means you’ll get the tools you need to make a positive difference in the finance industry. Our Hybrid Work and Flexibility approach balances our ongoing commitment to workplace flexibility, serving our clients, and our strong belief in the value of being together in person on a regular basis.

We offer a competitive benefits package that takes care of the whole you – both today and in the future:

• 401(k) with company match and Employee stock purchase plan
• Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
• Paid parental leave and family building benefits
• Tuition reimbursement
• Health, dental, and vision insurance