Charles Schwab · 4 hours ago
Application Security Analyst
Ann Arbor, MI
Full-time
Hybrid
New Grad, Entry LevelCharles Schwab is a leading financial services company focused on innovation and collaboration. They are seeking an entry-level Application Security Engineer to help build security into software development, partnering with teams to identify and remediate vulnerabilities while supporting application security testing and practices.
Financial Services
Responsibilities
Perform and support DAST (e.g., running scans, triaging findings, and retesting after fixes) for web and API-based services; collaborate with engineering to prioritize and remediate issues
Apply OWASP Top 10 knowledge to identify common vulnerability categories (e.g., broken access control, injection, SSRF) and advise teams on secure patterns
Strengthen API security by participating in inventory, vulnerability triage, and testing activities aligned to our program approach
Partner with developers to reproduce findings, review fixes, and validate remediation—using your understanding of Java/.NET code paths, frameworks, and typical anti-patterns
Support “shift-left” practices by integrating AppSec tooling into build pipelines and promoting developer experience best practices (e.g., automation, workflow orchestration)
Document vulnerabilities, remediation steps, and residual risk; contribute to secure coding guides and internal knowledge bases
Monitor and follow up on open issues; help coordinate cross-team actions during security test cycles and release gating
Maintain accurate documentation of security findings, remediation status, and communications with stakeholders
Contribute to continuous improvement of application security processes and tooling
Qualification
Required
Exposure to OWASP Top 10 concepts and practical examples (web & API)
Hands-on familiarity with DAST workflows and tools (running scans, reading reports, working with developers to fix)
API Security fundamentals (authentication/authorization, rate limiting, schema validation, common API risk scenarios, common API technologies; REST, SOAP, GraphQL)
Programming fundamentals in Java and .NET (e.g., HTTP request/response, input validation, authN/authZ, secure configuration)
Understanding of SDLC and DevSecOps basics (version control, CI/CD, unit/integration testing)
Clear written and verbal communication; ability to explain findings to non-security stakeholders
Preferred
Coursework, projects, or internships involving secure coding, code review, or vulnerability remediation in Java/.NET
Familiarity with AppSec tooling including common DAST capabilities, BURP Suite, and development tools
Exposure to API security testing approaches (linting, governed specs/OpenAPI, risk profiling, and CI integration)
Participation in security labs or events (e.g., OWASP workshops, cyber ranges)
Bachelor's Degree in a relevant field, (Computer Science, MIS, Cyber Security)
Certifications including CEH, Security+, OSCP
Benefits
401(k) with company match and Employee stock purchase plan
Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
Paid parental leave and family building benefits
Tuition reimbursement
Health, dental, and vision insurance
Company
Charles Schwab
We have plans for every turn you take.
Founded in 1973
10001+ employees
H1B Sponsorship
Charles Schwab has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (579)
2024 (468)
2023 (455)
2022 (705)
2021 (483)
2020 (282)
Funding
Current Stage
Late StageLeadership Team
J
Jim McGreevy
Senior Project Manager
Recent News
2025-10-04
Morningstar.com
2025-09-28
Company data provided by crunchbase