Charles Schwab
Application Security Analyst
About Charles Schwab
Charles Schwab Corporation is a leading financial services firm that has transformed the investment landscape by making financial markets more accessible. Founded in 1971 in San Francisco, the company has grown to become the largest publicly traded investment services firm in the U.S., managing approximately $7.8 trillion in client assets across 32.5 million accounts. Schwab offers a wide range of services, including discount brokerage, online trading, and custodial services for independent investment advisors. The firm is known for its low commission rates and has eliminated commissions on online stock, ETF, and options trades. It also provides a comprehensive mutual funds marketplace and full-service banking options. Schwab primarily serves individual retail investors and financial professionals, focusing on removing barriers to investing and advocating for everyday people seeking to grow their wealth.
Security at Charles Schwab
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Charles Schwab's AppSec mission is to "safeguard information and cultivate client trust, empowering people to feel secure in every interaction." They operate within Schwab's Secure Application Development Standard and leverage AppSec services to "shift left" and continuously improve security posture. Their risk philosophy involves applying OWASP Top 10 knowledge to identify common vulnerability categories and advising teams on secure patterns. A stated goal is to contribute to the continuous improvement of application security processes and tooling. Information regarding gaps and contradictions in their philosophy is not publicly available.”
Security Team
The AppSec team is part of Schwab Cybersecurity Services (SCS), which is responsible for securing access, protecting data, and safeguarding applications, endpoints, and the cloud. Bashar Abouseido is a key public-facing leader, serving as Senior Vice President, Chief Information Security Officer. He has been quoted stating that "Google is transforming security operations and enabling our vision to stay proactive in responding to cyber threats." A precise team size estimate is not publicly available. As of, there is one active AppSec job posting (Application Security Analyst) on schwabjobs.com. Common skill and tool patterns from job postings include exposure to OWASP Top 10 concepts, hands-on familiarity with DAST workflows and tools, API security fundamentals, programming fundamentals in Java and .NET, and familiarity with AppSec tooling, including common DAST capabilities and Burp Suite. Information regarding other gaps and contradictions is not publicly available.
Key Initiatives
No evidence was found of a Security Champions Program. The team supports "shift-left" practices by integrating AppSec tooling into build pipelines and promoting developer experience best practices. Their vulnerability management process involves performing and supporting DAST for web and API-based services (intake), and partnering with developers to reproduce findings, review fixes, and validate remediation (triage/remediation). They operate within Schwab's Secure Application Development Standard as part of their Secure SDLC Artifacts. A recent initiative (within the last 6 months) highlights that Google's automated response capabilities have "dramatically reduced" the financial services company's investigation resolution time. Information regarding other gaps and contradictions is not publicly available.