About the position
At Schwab, you're empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us 'challenge the status quo' and transform the finance industry together. We are seeking a motivated Analyst to assist the Schwab Red Team by managing the firm's red team findings and vulnerability mitigation efforts. As a Cybersecurity Findings Analyst, you will be responsible for working with penetration testers to document vulnerabilities, recommendations and observations found during test efforts, work with finding owners to manage and document the progression of any mitigating controls or actions, and assist with validating the effectiveness of any mitigating controls and actions. This position offers an opportunity to actively manage and mitigate risk to the firm by ensuring the prioritization and timely mitigation of vulnerabilities and security risks. The role would be ideally suited to an individual with experience managing tasks and small projects with an interest in offensive security and includes opportunities to participate in red team exercises and penetration tests.
Responsibilities
- Reviewing penetration test results: Thoroughly examining the data gathered by penetration testers, including identified vulnerabilities, exploitability levels, and potential attack vectors.
- Assist with assigning severity and criticality for each vulnerability or finding, identifying recommendations and appropriate observations.
- Work with penetration testers on documenting findings identified during test efforts.
- Ensure findings are sufficiently detailed, clearly communicate risk, can be reproduced by stakeholders, and have appropriate evidence of exploits and recommended next steps.
- Work with penetration testers on documenting and managing finding creation in JIRA.
- Assist with presenting findings to stakeholders, including technical and non-technical audiences and explaining the risks in understandable terms.
- Work with stakeholders to identify finding owners, obtain regular updates on necessary fixes and progress, and document finding mitigation efforts.
- Document all finding management efforts in JIRA.
- Actively monitor & document finding progress with stakeholders.
- Work either independently or with penetration testers to reproduce penetration test findings, validate the effectiveness of mitigating controls, and document evidence of closed findings.
- Participate in penetration tests, control tests and red team exercises.
Requirements
- Broad familiarity with network protocols, operating systems, web application security, databases, and common vulnerabilities (OWASP/CVE).
- Familiarity with Cybersecurity industry standards and best practices for secure system design and configuration.
- Ability to analyze complex data, identify patterns, and draw logical conclusions about potential threats.
- Familiarity with common approaches to risk rating such as CVE, CVSS and DREAD.
- Clear and concise communication of technical information in a way that is easily understood by non-technical audiences.
- Experience managing small projects, tasks, bugs or issues.
- Identifying practical solutions to mitigate vulnerabilities and implement effective security controls.
Nice-to-haves
- Experience in a bug, findings or vulnerability management role.
- Relevant certifications such as CISSP, GPEN or OSCP.
- Experience managing projects, tasks & Issues in JIRA.
- Bachelor's degree in cybersecurity, information technology, or a related field preferred.
- Experience with scripting and automation (e.g. Python, PowerShell, JIRA Simple Issue Language) a plus.
Benefits
- This role is also eligible for bonus or incentive opportunities.
A Smarter and Faster Way to Build Your Resume