Cybersecurity Escalation Response Manager

Your opportunity

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).

Seeking an Individual Contributor in Digital Forensics and Incident Response (DFIR). This role is with the DFIR team for a Senior Manager experienced in Incident Response and Digital Forensics. The Sr Manager DFIR will coordinate and execute the proactive efforts with the other teams throughout the organization for the identification, forensic collection, correlation, analysis, training, post-mortem and reporting of computer-related security events.

This individual works closely with a broad range of professionals at all levels within Schwab technology, internal and external legal, HR, and business representatives. The DFIR Sr. Manager is responsible for setting up communication channels, inviting the appropriate people into those channels during an incident, and training team members on best practices for not only incident management, but also communication during an incident. The position will direct investigations, incident response, forensic chain of custody and prepare CSC for adverse events. They will be expected to use Cyber intelligence to proactively seek out threats and protect firm from harm.

What You Are Good At

• Command of response activities by quickly assessing the incident, make decisions about what to do, which team members are needed, and what actions come next at every stage of the resolution process.
• Expert listener, well-versed in gathering, synthesizing, and prioritizing expert recommendations and managing expectations.
• Communications and Liaison with Business Units, HR, Legal and/or external entities.
• Development and maintenance of Incident Response processes, exercises, and training of others
• Understand all phases of Incident Response and know which tasks occur at each phase: identification, containment remediation, recovery, after action reporting/lessons learned
• Coordination and execution of proactive constant exercises and various levels teaching the Incident Response processes
• Technically understand and participate in malware analysis, including Static, Dynamic, Behavioral analysis.
• Strong understanding of technical forensics to include computer, memory, mobile and network forensics
• Strong understanding of threat hunting and Mitre Att&ck Framework
• Assist in the development of indicators of compromise and cyber intelligence data to supply the Cyber Intelligence function with data for sharing, reporting and metrics
• Training and analysis of impact and capabilities of Incident Response
• Development of business impactful metrics to understand the capabilities of resilience and agility
• Continuous learning to maintain competitive advantage in the security space
• Oversight and review of current tools and processes to find efficiencies and effectiveness
  
  

What you have

• Confident decision maker and leadership skills with strong problem-solving skills
• Strong communications and organization capabilities, with attention to detail
• Trustworthy integrity, character, courage, and honesty
• Ongoing networking and building intelligence and industry networks
• Computer, Memory & Network Forensics experience
• Digital Forensics Chain of Custody Experience.
• 5 years of Incident Management skills and experience
• Foresight and development of playbooks, IR frameworks, Tabletop Exercises
• Advanced and current knowledge of malware families, campaigns, and related threat groups
• Experience with Cloud Forensics and Cloud Incident Response across all cloud platforms - preferred
• Experience with networking environments including Windows networking, Cisco, Juniper
• Experience with Unix, Linux, Mac operating systems
• Knowledge of social engineering campaigns, exploit kits, tactics and techniques used by threat groups.
• Advanced knowledge of network security and DOS/DDoS attacks and mitigation. Including DNS and Layer 7 attacks preferred
• Advanced knowledge of web attacks and response (Web Application Firewalls, Network Firewalls, etc.) preferred
• Minimum of 10 years of progressive experience in technology and/or information security
• Minimum of 3 years of experience in a team leadership role
• Bachelor's Degree (Computer Science or Information Systems) and/or equivalent applicable experience
• Industry Certification and/or CISSP certifications desirable
  
  

What’s in it for you

At Schwab, you’re empowered to shape your future. We champion your growth through meaningful work, continuous learning, and a culture of trust and collaboration—so you can build the skills to make a lasting impact. Our Hybrid Work and Flexibility approach balances our ongoing commitment to workplace flexibility, serving our clients, and our strong belief in the value of being together in person on a regular basis.

We offer a competitive benefits package that takes care of the whole you – both today and in the future:

• 401(k) with company match and Employee stock purchase plan
• Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
• Paid parental leave and family building benefits
• Tuition reimbursement
• Health, dental, and vision insurance