Your Opportunity
Our mission within Corporate Risk Management (CRM) is to execute an independent and coordinated risk management program that supports delivery of predictable long-term financial and operational performance to produce successful client and shareholder outcomes. In CRM's Technology Risk Management (TRM) organization, we support CRM's mission by managing information and technology risks to protect client assets, client information and firm assets.
Our Threat Management & Penetration Testing (TMPT) team is seeking a Penetration Tester in the second line of defense model who will help strengthen the Technology Risk Management program by conducting and overseeing various penetration testing activities. This is a small team making a big impact, as they are essentially "hacking" Schwab on a regular basis to prevent outside risk. By conducting infrastructure, network, wireless, IoT, application and mobile penetration tests along with social-engineering tests, this individual will be a key player in keeping the firm and our clients safe from hackers.
What you have
Required Qualifications
- 5-10 years of experience in information security
- 5+ years of penetration testing experience
- Flexibility to work after market hours (7:00pm - 7:00am EST) for specific tests
- Experience running a variety of penetration testing tools, performing manual testing, validating test results, identifying root cause, analyzing vulnerabilities, and helping develop platform-specific remediation plans
- Experience with multiple Operating Systems such as Windows, Linux, Mac OSX, iOS, and Android
- Experience with scripting languages
Preferred Qualifications
- Knowledge of adversarial activity in order to replicate similar tactics, techniques, and procedures (TTPs) during internal and external security assessments
- Familiarity with cybersecurity concepts, OWASP Top-10, and top SANS vulnerabilities
- Understanding of networking, applications, coding, penetration testing, exploit development, and threat modeling
- Ability to assess and effectively communicate the operational, technical, and financial impact of findings and control issues to executive and business leadership, using language that is relevant to and understandable by the business
- One or more of the following security certifications preferred: Offensive Security Certified Professional (OSCP); Offensive Security Web Expert (OSWE); GIAC Penetration Tester (GPEN); GIAC Web Application Penetration Tester (GWAPT); eLearnSecurity Certified Penetration Tester eXtreme (eCPTX); eLearnSecurity Web Application Penetration Tester (eWPT); Certified Information Systems Security Professional (CISSP)
- Driven with a hunger to learn
- A passion for problem solving
- Ability to work well with others and contribute to the advancement of the team