Senior Cloud Security Developer

Charles Schwab
about 2 months ago
Phoenix, AZ, United States
Hybrid
Full-time
Junior Level (1-3 years)

Job Description

Position Overview

Seeking a Senior Cloud Security Developer for the Charles Schwab Security Operations Team. This role sits on the DFIR Team and serves as the Senior Cloud DFIR developer, the Cloud DFIR development trainer, and the main point of contact for the DFIR Cloud development program. The Senior Cloud Security Developer will coordinate and execute proactive efforts with the Cloud Engineering, DFIR, and other Cyber Defense teams for the development, engineering, analysis, training, and reporting of the Schwab multi-cloud environment. This individual works closely with a broad range of professionals at all levels within Schwab Technology, Cybersecurity, Audit, Risk, and business units. The Senior Cloud Security Developer will be responsible for setting up communication channels between Cloud Engineering and on-prem Cybersecurity customers. The position will lead development of cloud DFIR environments, processes, and training.

Key Responsibilities

  • Perform development work within Cloud Technologies such as AWS, GCP, and Microsoft Azure.
  • Plan, design, and build cloud security architectures; oversee the implementation of cloud network and computer security to ensure compliance with corporate cybersecurity policies and procedures.
  • Respond immediately to cloud cybersecurity-related incidents and provide thorough post-event analysis.
  • Code/script within the cloud environment using various cloud scripting languages.
  • Implement cloud software fixes (patches) to remove system vulnerabilities.
  • Investigate cloud intrusion incidents and conduct forensic investigations in support of the DFIR team.
  • Quickly understand complex cloud problems and develop effective solutions.
  • Communicate effectively with teams and organizational leaders, demonstrating strong listening skills and proactive inquiry.
  • Exhibit strong interpersonal, analytical, and problem-solving skills along with a high attention to detail.
  • Collaborate as a teammate by cross-training peer teams on cloud security designs and technology development.
  • Thrive in a fast-paced environment across multiple time zones and locations.
  • Participate in security assessments of cloud platforms, applications, and systems using penetration and vulnerability testing and risk analysis.
  • Develop and evaluate compliance strategies to mitigate cloud cybersecurity risk and safeguard company assets.
  • Research and interpret governmental laws, regulations, industry standards, and contractual obligations to define cloud compliance requirements.

Required Qualifications

  • Minimum of 10+ years of progressive experience in cloud technology and information security.
  • Minimum of 10+ years of progressive experience in cloud technology and DFIR.
  • 1+ year of Schwab technology domain experience as a current or recent contractor or employee.
  • Strong decision-making and leadership skills with proven problem-solving abilities.
  • Excellent communication and organizational capabilities with a keen attention to detail.
  • Demonstrated trustworthy integrity, character, courage, and honesty.
  • Experience in developing cloud playbooks, IR frameworks, and conducting Tabletop Exercises.
  • Experience in strategic and operational development of cloud DFIR playbooks, processes, and Tabletop Exercises.
  • Knowledge of cloud computer, memory, and network forensics.
  • Hands-on experience with cloud DFIR across compute, memory, and network for multiple cloud service providers.
  • Experience in architecting and engineering DFIR environments across multiple CSPs.
  • Advanced knowledge of cloud network security and DOS/DDoS attacks and mitigation, including DNS and Layer 7 attacks.
  • Familiarity with application security best practices, Infrastructure-as-Code, and container security.
  • Understanding of social engineering campaigns, exploit kits, tactics, and techniques aimed at cloud platforms.
  • Current knowledge of threat groups, campaigns, and related tactics and techniques.
  • Experience mapping cloud MITRE TTPs to DFIR requirements.
  • Advanced awareness of malware families, campaigns, and associated threat groups.
  • Experience with networking environments including Windows networking, Cisco, and Juniper.
  • Experience in cloud network architecture across multiple CSPs.
  • Proficiency with Unix, Linux, Mac, and Windows operating systems.
  • Bachelor's Degree in Computer Science, Information Systems, or equivalent applicable experience.
  • Industry certifications and/or CCSP certifications are desirable, including GCFR, GCTD, GCAD, CCSP, GCP/AWS/Azure, GCIH, GCFA, GNFA, GREM, GCFE, GCIA, GEIR, and DFIR certifications.

Preferred Qualifications

  • Experience with Cloud Forensics and Cloud Incident Response across all cloud platforms is preferred.

Benefits & Perks

  • 401(k) with company match and Employee stock purchase plan
  • Paid time for vacation, volunteering, and a 28-day sabbatical after every 5 years of service for eligible positions
  • Paid parental leave and family building benefits
  • Tuition reimbursement
  • Health, dental, and vision insurance

Required Skills

Infrastructure-as-Code
Incident Response
Cloud Forensics
Microsoft Azure
Cloud Technologies
AWS
Cloud Security Architecture
DFIR
GCP