At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.
We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).
As an entry-level Application Security Engineer, you’ll help build security into our software from design through delivery. You’ll partner with developers and product teams to identify and remediate vulnerabilities, support dynamic application security testing (DAST), and strengthen API security controls. You’ll use foundational programming knowledge in Java and .NET to understand how issues appear in code and how to fix them efficiently.
You’ll operate within Schwab’s Secure Application Development Standard and leverage our AppSec services to “shift left” and continuously improve our security posture.
Key Responsibilities
Perform and support DAST (e.g., running scans, triaging findings, and retesting after fixes) for web and API-based services; collaborate with engineering to prioritize and remediate issues. Apply OWASP Top 10 knowledge to identify common vulnerability categories (e.g., broken access control, injection, SSRF) and advise teams on secure patternsStrengthen API security by participating in inventory, vulnerability triage, and testing activities aligned to our program approach.Partner with developers to reproduce findings, review fixes, and validate remediation—using your understanding of Java/.NET code paths, frameworks, and typical anti-patterns.Support “shift-left” practices by integrating AppSec tooling into build pipelines and promoting developer experience best practices (e.g., automation, workflow orchestration). Document vulnerabilities, remediation steps, and residual risk; contribute to secure coding guides and internal knowledge bases.Monitor and follow up on open issues; help coordinate cross-team actions during security test cycles and release gatingMaintain accurate documentation of security findings, remediation status, and communications with stakeholders.Contribute to continuous improvement of application security processes and tooling. What you haveRequired Qualifications
Exposure to OWASP Top 10 concepts and practical examples (web & API). Hands-on familiarity with DAST workflows and tools (running scans, reading reports, working with developers to fix). API Security fundamentals (authentication/authorization, rate limiting, schema validation, common API risk scenarios, common API technologies; REST, SOAP, GraphQL). Programming fundamentals in Java and .NET (e.g., HTTP request/response, input validation, authN/authZ, secure configuration).Understanding of SDLC and DevSecOps basics (version control, CI/CD, unit/integration testing).Clear written and verbal communication; ability to explain findings to non-security stakeholders.Preferred Qualifications
Coursework, projects, or internships involving secure coding, code review, or vulnerability remediation in Java/.NET.Familiarity with AppSec tooling including common DAST capabilities, BURP Suite, and development tools.Exposure to API security testing approaches (linting, governed specs/OpenAPI, risk profiling, and CI integration). Participation in security labs or events (e.g., OWASP workshops, cyber ranges). Bachelor’s Degree in a relevant field, (Computer Science, MIS, Cyber Security).Certifications including CEH, Security+, OSCP Options Apply for this jobApplyShareRefer a friendRefer Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Share on your newsfeedWhy work for us?
At Schwab, we’re committed to empowering our employees’ personal and professional success. Our purpose-driven, supportive culture, and focus on your development means you’ll get the tools you need to make a positive difference in the finance industry.
We offer a competitive benefits package to our full-time employees that takes care of the whole you – both today and in the future:
401(k) with company match and Employee stock purchase plan Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions Paid parental leave and family building benefits Tuition reimbursement Health, dental, and vision insurance Application FAQsSoftware Powered by iCIMS
www.icims.com