Endpoint Cloud Security Engineer
Listed on 2026-02-28
Engineering
Systems Engineer, Cybersecurity
Your opportunity
At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.
We believe in the importance of in‑office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).
We are seeking a highly skilled, advisory‑focused Senior Endpoint Security Engineer with deep expertise in cloud workload security. In this role, you will serve as a subject matter expert, providing guidance, reviews, and approvals for endpoint detection and response (EDR) and cloud workload security across AWS and GCP. This is not a hands‑on implementation role; instead, you will influence design, evaluate risk, ensure standards compliance, and represent security interests in engineering and architecture conversations.
What You’ll Be Responsible For
Cloud Endpoint Security Governance & Advisory
- Provide expert guidance on EDR strategy, standards, and policy expectations for AWS and GCP workloads.
- Review and advise on EDR policy changes proposed by engineering teams to ensure alignment with Schwab’s security controls and regulatory requirements.
- Interpret detection, prevention, and tuning requests and provide recommendations grounded in cloud workload behavior and threat models.
- Define expectations for cloud unit-level EDR deployment and telemetry coverage across AWS and GCP compute platforms (EC2, GCE, containers, serverless).
- Review engineering teams’ implementation plans and identify gaps, risks, or deviations from required controls.
- Influence platform teams to incorporate endpoint protections into compute and container service baselines.
- Lead security risk assessments for cloud workloads, architectural changes, and new services.
- Evaluate risk findings for completeness, severity, and alignment with enterprise standards.
- Provide risk‑based recommendations and escalate residual risk where appropriate.
- Conduct architecture and design reviews for AWS and GCP workloads.
- Validate adherence to security principles, including identity and access models, segmentation, encryption, secrets management, runtime security, and logging.
- Provide advisory approval or required changes for workloads moving through governance processes.
- Review platform‑level architectures for services such as EKS, GKE, ECS, Cloud Run, Lambda, and GCE.
- Recommend improvements to platform controls including image governance, pipeline security, workload identity, configuration hygiene, and runtime telemetry.
- Serve as a trusted advisor to platform owners for roadmap planning and major design initiatives.
- Represent the Security Engineering perspective in cloud governance, DevSecOps forums, architecture review boards, and engineering collaboration groups.
- Advocate for secure architecture decisions while balancing operational requirements and business goals.
- Communicate complex security considerations to technical and non‑technical stakeholders with clarity and influence.
Required Qualifications
- Bachelor’s degree in computer science or a related field.
- 7+ years of progressive cybersecurity engineering experience.
- Minimum 3 years of experience advising or engineering endpoint security controls in public cloud environments (AWS or GCP required).
- At least 3 years of technical experience with AWS, Azure, or GCP cloud services.
- Experience with cloud‑native security tools such as Wiz, Prisma, or Zscaler.
- Proficiency in at least one automation or scripting language (Python, Bash, PowerShell, Golang).
- Familiarity with DevSecOps practices, CI/CD tooling, and infrastructure-as-code concepts (Terraform, Ansible, Salt, etc.).
- Strong understanding of cloud architecture patterns, workload risk drivers, and security control design.
- Experience supporting or advising on security in a highly regulated industry, ideally financial services.
- Experience with…