Charles Schwab Sr. Staff - Cyber Threat Analyst in Phoenix, Arizona


Phoenix - AZ, PHX4701A, 4701 E Francisco Dr, 85044-5365

Christine Marie Mosby


We believe that, when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client’s goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. We champion our employee strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.

As a company, we were established by Chuck over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.

Our Opportunity:

Sr. Staff, Cyber Threat Intelligence Analyst

What you’ll do:

The CTI Team is responsible for providing analysis on relevant threats to the Schwab environment in support of the overall Active Defense effort. Through the collection and analysis of threat information and historical data from various sources, the CTI team attempts to provide predictive analysis to guide overall Firm security strategy. In addition, the CTI team is key in providing additional tactical context and support to the Security Monitoring & Incident Response teams. The CTI team assists in improvement of all security functions through the creation of metrics, threat reports and briefings, threat indicators, and content for both detective and preventative controls.

The Sr. Analyst is primarily responsible for analyzing various sources of threat related data using standard toolsets and methodologies in search of patterns relating to potential threats to the Firm in support of providing risk related recommendations for action. They will provide guidance and mentoring for Jr. analysts in research and intelligence tradecraft. Sr. analysts will additionally consult on new security detection content with the Security Tools & Engineering team and work with other security teams to ensure all tools are tuned to properly detect and alert on new threat activity.

What you have:

  • Preferred Experience:

  • 5+ years working within an information security-related discipline

  • 2+ years' experience in one of the following:

  • Network operations or engineering

  • System administration on Unix, Linux, or Windows

  • Offensive security (penetration testing/vulnerability scanning)

  • 2+ years working as a SOC/CIRT team lead.

  • 2+ years working as a Cyber Threat Intelligence Analyst

  • Bachelor’s degree in a technical field (e.g. Computer Science, Computer Engineering, Intelligence Analysis) preferred, but not required

  • Experience with a Threat Intel Platform (e.g. Anomali, Threat Quotient, ThreatConnect)

  • Experience with relationship visualization software (e.g. Maltego, Palantir)

  • In-depth knowledge of network and host security technologies and products (such as firewalls, network IDS, scanners)

  • Extensive experience in topic research and data analytics

  • The capability to perform static, dynamic, and code level analysis of malicious documents and binaries leveraging sandbox technologies, debuggers/disassemblers (e.g. OllyDBG/IDA Pro), and/or open source tools. Experience with manual extraction and deobfuscation of malicious VB Macros, JavaScript, PowerShell, etc.

  • Advanced understanding of network protocols and network traffic analysis. Ability to dissect packet captures and identify anomalies

  • Experience developing custom IDS and Yara signatures based on the results of your analysis

  • Involved with information security sharing communities, working groups, and trust groups

  • History of presenting at information security conferences, local user groups, etc.

  • A passion for learning and teaching. A desire to train and mentor internal resources

  • The ability to analyze, track, and report on threat campaigns targeting Charles Schwab and/or the financial industry as a whole

  • Ability to perform vulnerability analysis and advise leadership and key stakeholders on the assessed risk and urgency

  • Proficient in one or more scripting languages (Python preferred). Contributions to open source projects a plus

  • Knowledge of User Behavior Analysis

  • Knowledge of honeypots/honeynets

  • Strong written and verbal communication skills required. Must have the ability to effectively communicate to both highly technical and executive audiences

  • Demonstrated ability to work in a team environment, able to train and coach other team members

Industry certifications such as GIAC (specifically GCIH, GCIA, and GREM), CISSP and OSCP preferred. Formal Cyber Threat Intelligence training such as SANS FOR578 or Treadstone 71 a plus.

What you’ll get:

  • Comprehensive Compensation and Benefits package

  • Financial Health: 401k Match, Employee Stock Purchase Plan, Employee Discounts, Personalized advice, Brokerage discounts

  • Work/Life Balance: Sabbatical, Paid Parental Leave, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer, Employee Matching Gifts Program

  • Everyday Wellness: Health and Lifestyle Wellness Rewards, Onsite Fitness Classes, Healthy Food Choices, Wellness Champions

  • Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships

  • Not just a job, but a career, with an opportunity to do the best work of your life

Learn more about Life@Schwab.

Charles Schwab & Co., Inc. is an equal opportunity and affirmative action employer committed to diversifying its workforce. It is Schwab's policy to provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity or expression, national origin, ancestry, age, disability, legally protected medical condition, genetic information, marital status, sexual orientation, protected veteran status, military status, citizenship status or any other status that is protected by law.

Job Specifications

Relocation Offered?: No

Work Schedule: Days

Languages: English - spoken

Current Licenses / Certifications: None

Relevant Work Experience: IT-Other Specialty Engineering-2-5 yrs

Position Located In: AZ - Phoenix

Education: BA/BS

Job Type: Full Time

Category: Information Technology

Activation Date: Tuesday, June 27, 2017

Expiration Date: Friday, September 1, 2017
