• Application Security Analyst

    Charles Schwab (Southlake, TX)


    Your opportunity

     

    At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

     

    We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).

     

    As an entry-level Application Security Engineer, you’ll help build security into our software from design through delivery. You’ll partner with developers and product teams to identify and remediate vulnerabilities, support dynamic application security testing (DAST), and strengthen API security controls. You’ll use foundational programming knowledge in **Java** and **.NET** to understand how issues appear in code and how to fix them efficiently.

     

    You’ll operate within Schwab’s **Secure Application Development Standard** and leverage our AppSec services to “shift left” and continuously improve our security posture.

    Key Responsibilities

    + **Perform and support DAST** (e.g., running scans, triaging findings, and retesting after fixes) for web and API-based services; collaborate with engineering to prioritize and remediate issues.

    + **Apply OWASP Top 10** knowledge to identify common vulnerability categories (e.g., broken access control, injection, SSRF) and advise teams on secure patterns

    + **Strengthen API security** by participating in inventory, vulnerability triage, and testing activities aligned to our program approach.

    + **Partner with developers** to reproduce findings, review fixes, and validate remediation—using your understanding of **Java/.NET** code paths, frameworks, and typical anti-patterns.

    + **Support “shift-left” practices** by integrating AppSec tooling into build pipelines and promoting developer experience best practices (e.g., automation, workflow orchestration).

    + **Document** vulnerabilities, remediation steps, and residual risk; contribute to secure coding guides and internal knowledge bases.

    + **Monitor and follow up** on open issues; help coordinate cross-team actions during security test cycles and release gating

    + **Maintain accurate documentation** of security findings, remediation status, and communications with stakeholders.

    + **Contribute to continuous improvement** of application security processes and tooling.

     

    What you have

    Required Qualifications

    + **Exposure to OWASP Top 10** concepts and practical examples (web & API).

    + **Hands-on familiarity with DAST** workflows and tools (running scans, reading reports, working with developers to fix).

    + **API Security** fundamentals (authentication/authorization, rate limiting, schema validation, common API risk scenarios, common API technologies; REST, SOAP, GraphQL).

    + **Programming fundamentals** in **Java** and **.NET** (e.g., HTTP request/response, input validation, authN/authZ, secure configuration).

    + Understanding of SDLC and DevSecOps basics (version control, CI/CD, unit/integration testing).

    + Clear written and verbal communication; ability to explain findings to non-security stakeholders.

    Preferred Qualifications

    + Coursework, projects, or internships involving secure coding, code review, or vulnerability remediation in **Java/.NET** .

    + Familiarity with AppSec tooling including common DAST capabilities, BURP Suite, and development tools.

    + Exposure to **API security testing** approaches (linting, governed specs/OpenAPI, risk profiling, and CI integration).

    + Participation in security labs or events (e.g., OWASP workshops, cyber ranges).

    + Bachelor’s Degree in a relevant field, (Computer Science, MIS, Cyber Security).

    + Certifications including CEH, Security+, OSCP

     

    What’s in it for you

     

    At Schwab, you’re empowered to shape your future. We champion your growth through meaningful work, continuous learning, and a culture of trust and collaboration—so you can build the skills to make a lasting impact. Our Hybrid Work and Flexibility approach balances our ongoing commitment to workplace flexibility, serving our clients, and our strong belief in the value of being together in person on a regular basis.

    We offer a competitive benefits package that takes care of the whole you – both today and in the future:

    + 401(k) with company match and Employee stock purchase plan

    + Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions

    + Paid parental leave and family building benefits

    + Tuition reimbursement

    + Health, dental, and vision insurance

    What’s in it for you:

    At Schwab, we’re committed to empowering our employees’ personal and professional success. Our purpose-driven, supportive culture, and focus on your development means you’ll get the tools you need to make a positive difference in the finance industry. Our Hybrid Work and Flexibility approach balances our ongoing commitment to workplace flexibility, serving our clients, and our strong belief in the value of being together in person on a regular basis.

    We offer a competitive benefits package that takes care of the whole you – both today and in the future:

    401(k) with company match and Employee stock purchase plan

     

    Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions

     

    Paid parental leave and family building benefits

     

    Tuition reimbursement

    Health, dental, and vision insurance

    Schwab is an affirmative action employer, focused on employing and advancing in employment, qualified women, racial and ethnic minorities, protected veterans, and individuals with disabilities in the workplace. If you have a disability and require reasonable accommodations in the application process, contact Human Resources at [email protected] or call 800-275-1281.