Sr. Manager, Secure Configuration Management

Pay range: USD $135,000.00 - $188,000.00 / Year

Your opportunity

Charles Schwab's Enterprise Vulnerability Management (EVM) organization is seeking a Sr. Manager, Security Development & Engineering Senior. You will be responsible for maturing and maintaining a robust Secure Configuration Management program that enforces industry-standard benchmarks (e.g., CIS, DISA STIGs, etc.) across a wide array of technologies, including servers, databases, network devices, endpoints and cloud environments. You will drive configuration drift monitoring and remediation processes, ensuring continuous compliance through automated scanning and reporting. Additionally, you will collaborate with other Schwab Cybersecurity Service teams, IT and engineering teams to govern deviations, assess configuration-related risks, and establish self-healing mechanisms that enhance security posture while balancing operational needs.

• Establish and maintain secure configuration baselines for in-scope technologies using industry recommendations or vendor hardening guidelines
• Partner with technology owners on any changes or updates required to baseline settings on an ad-hoc and periodic basis
• Define and manage a process for tracking deviations from industry or vendor guidelines for in-scope technologies to influence increased coverage
• Develop dashboards and reports to provide visibility into configuration compliance, drift trends, and overall risk posture
• Collaborate closely with other security teams and technology owners to ensure security requirements are incorporated in build and pre-production processes
• Implement monitoring capabilities to continuously detect, track, and report on configuration drift against in-scope baseline settings using industry standard tools (e.g., Qualys, SCCM, Prisma Cloud, Intune)
• Consult on automated approaches to enforce configurations and enable self-healing capabilities using automation frameworks, Infrastructure as Code (IaC) or Policy as Code
• Act as a SME during internal audits, risk assessments or security investigations related to secure configuration management

• 7+ years of experience in secure configuration management, vulnerability management, or other related security disciplines in enterprise environments
• Strong expertise in security baseline configurations across Windows, Linux, macOS, cloud, database and network infrastructure
• Hands on experience with configuration management and secure compliance monitoring tools (e.g., Ansible, Qualys, SCCM, Prisma Cloud, Intune)
• Proficiency in automation tools for enforcing and maintaining configurations (e.g., Ansible, Terraform)
• Experience with operating in a regulated environment such as Financial Services
• Receives minimal instruction and guidance acting independently to determine approaches on new projects or assignments
• Ability to act as a trusted advisor with business area expertise and thought leadership to influence organizational outcomes
• Strong analytical and problem-solving skills, with the ability to communicate security risks to technical and non-technical audiences
• Security certifications, such as CISSP, CISM, GIAC, or Cloud Security certifications are preferred
• Hands on experience with one or more technology platforms as an administrator is preferred

• 401(k) with company match and Employee stock purchase plan
• Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
• Paid parental leave and family building benefits
• Tuition reimbursement
• Health, dental, and vision insurance