CrawlJobs Logo

Zero Trust Operations Engineer

schwab.com Logo

Charles Schwab

Location Icon

Location:
United States , Austin

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

155000.00 - 190000.00 USD / Year
Save Job
Save Icon
Apply Position

Job Description:

At Schwab, you are empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us "challenge the status quo" and transform the finance industry together. We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s). The Senior Manager, Zero Trust Operations, sits at the center of Schwab’s Zero Trust security ecosystem, owning some of the firm’s most complex and high‑impact operational challenges. This role is for a deeply technical, highly trusted individual contributor who thrives in ambiguity and takes pride in leading the response to critical incidents, systemic issues, and platform risks that span cloud, network, identity, and endpoint domains. You will serve as a technical authority and escalation leader, setting direction during high‑stakes events, translating complex telemetry into clear outcomes, and ensuring secure, reliable access for the business at scale. Beyond incident leadership, this role plays a critical part in shaping the long‑term health and maturity of Zero Trust services. You’ll design and implement high‑risk changes, evolve policy and segmentation models, and drive proactive improvements through monitoring, automation, and AI‑assisted workflows. As a senior individual contributor, you’ll influence outcomes through expertise rather than hierarchy, partnering closely with engineering, architecture, and technology teams, mentoring peers, and raising the operational bar across the organization. This role is ideal for experienced Zero Trust operations professionals who want broad enterprise impact, deep technical ownership, and the opportunity to shape how Zero Trust services operate and mature at scale.

Job Responsibility:

  • Own and lead the response to complex Zero Trust related service degradations, incidents, and systemic issues
  • Independently investigate and resolve highly complex connectivity, access, and performance issues across Zero Trust network and cloud security platforms
  • Serve as a technical incident leader and escalation authority for high‑severity or high‑impact incidents
  • Set the standard for stakeholder communication during major incidents
  • Design, validate, and implement high‑risk or high‑impact configuration and architectural changes to Zero Trust platforms
  • Lead the evolution of policy models, access controls, and segmentation approaches aligned to Zero Trust and least‑privilege principles
  • Own pre‑ and post‑change validation strategy
  • Enforce change quality standards
  • Provide technical leadership for platform stability and resilience
  • Drive proactive monitoring and telemetry improvements
  • Translate short‑term mitigations into long‑term improvements
  • Partner with engineering and architecture teams to drive enhancements to Zero Trust services
  • Own and evolve operational runbooks, troubleshooting frameworks, and incident response practices
  • Apply senior‑level technical judgment in ambiguous or high‑stakes scenarios
  • Author and maintain authoritative documentation including design references, operational procedures, incident analyses, and platform diagrams
  • Ensure operational knowledge is durable and transferable
  • Act as a trusted technical partner to network, identity, endpoint, DevSecOps, cloud, and SOC teams
  • Represent Zero Trust Operations as a senior technical voice in cross‑functional forums
  • Identify, design, and implement automation and AI‑assisted solutions to reduce manual effort
  • Mentor and develop peers through technical guidance, design reviews, incident leadership, and knowledge sharing
  • Continuously expand cross‑domain expertise in Zero Trust, networking, cloud security, identity, and automation
  • Pursue ongoing professional development and certifications

Requirements:

  • 5+ years of experience in cybersecurity
  • 3+ years of direct operational support experience with Zero Trust solutions (ZTNA, CASB, SWG, SASE, etc.)
  • Working knowledge of networking fundamentals, and cloud security knowledge & concepts
  • Automation experience desired (Python, scripts, Ansible, Salt, etc.)
  • 4-year college degree in Computer Science or Cybersecurity (or equivalent)
  • Security certifications (Security+, CASP+, GSEC, SSCP, CDPSE, GIAC/SANS, or equivalent)
  • Zero Trust vendor certifications
  • Network certifications (Network+, CCIE, CCNA, CCNP, or equivalent)
What we offer:
  • 401(k) with company match and Employee stock purchase plan
  • Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
  • Paid parental leave and family building benefits
  • Tuition reimbursement
  • Health, dental, and vision insurance

Additional Information:

Job Posted:
May 04, 2026

Expiration:
May 08, 2026

Employment Type:
Fulltime
Work Type:
On-site work
Icon
Charles Schwab - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Zero Trust Operations Engineer

Senior System Security and Information Assurance Engineer

The Senior PAM Engineer will play a critical role within Line of Effort 2, respo...
Location
Location
United States , Tampa
Salary
Salary:
Not provided
barbaricum.com Logo
Barbaricum
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Active DoD Top Secret clearance with SCI eligibility
  • Master’s degree (MA/MS) in Cybersecurity, Information Technology, Computer Science, Engineering, or related field
  • 10+ years of professional experience in cybersecurity, systems engineering, or information assurance
  • Meets Cyber Engineer – Senior labor category requirements, including independent execution of all functional duties and support to mission-critical program elements
  • DoD 8570 IAT Level II certification or higher (e.g., Security+ CE, CCNA Security)
  • Deep expertise in Privileged Access Management (PAM) architectures and Zero Standing Privilege concepts
  • Hands-on experience implementing Just-In-Time (JIT) access workflows
  • Experience integrating PAM solutions with Active Directory, SIEM platforms (Splunk), and Identity Governance (IGA) tools
  • Experience producing technical documentation to support RMF and ATO processes (LLDs, SSPs, SOPs)
  • Ability to lead or oversee the efforts of less senior staff as required by program needs
Job Responsibility
Job Responsibility
  • Lead the installation, configuration, and technical implementation of an enterprise Privileged Access Management (PAM) solution (Delinea-focused) across multiple network enclaves
  • Discover, inventory, and onboard privileged user, administrator, and service accounts into a secure credential vault
  • Design and enforce policies for Just-In-Time (JIT) access, session monitoring, and session recording to achieve zero standing privileges
  • Develop scripts and API-based integrations between the PAM solution, Splunk SIEM, and Identity Governance (IGA) platforms
  • Support RMF accreditation activities by developing Low-Level Design (LLD) documents, System Security Plans (SSPs), and Standard Operating Procedures (SOPs)
  • Support Authority to Operate (ATO) efforts through security control implementation and technical validation
  • Lead enterprise rollout of PAM policies from pilot groups to full operational enforcement
  • Collaborate with Zero Trust architects, identity teams, and cyber engineers to ensure alignment with enterprise security architecture
Read More
Arrow Right

SASE Presales Systems Engineer

This role has been designed as ‘Hybrid’ with an expectation that you will work o...
Location
Location
Sweden , Stockholm
Salary
Salary:
Not provided
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of technical pre-sales or solution engineering experience in cybersecurity, networking, or cloud
  • Hands-on experience with SASE/SSE architecture and Zero Trust models
  • Understanding of security technologies: Firewalls, IPSEC, SSL-VPN, NAT, GRE, IPS/IDS
  • Solid grasp of identity and access control standards: SSO, SAML, OAuth, OIDC, RBAC
  • Proficiency in core networking and security protocols: TCP/IP, DNS, TLS, HTTP/S, OSPF, BGP
  • Experience with CLI on major routing/switching platforms and WAN edge technologies
  • Practical knowledge of AWS, Azure, GCP, and virtualization (VMware, Hyper-V)
  • Familiarity with installation, configuration, and troubleshooting of hypervisors and operating systems
  • Strong presenter, capable of simplifying complex technical topics for diverse audiences
  • Positive attitude, self-motivated, and committed to exceeding customer expectations
Job Responsibility
Job Responsibility
  • Lead technical discovery, solution design, and architecture workshops across HPE’s cybersecurity portfolio
  • Deliver value-driven demonstrations and proof-of-concepts, particularly for SASE (SD-WAN, ZTNA, SWG, CASB, FWaaS) and SSE use cases
  • Guide customers through observability and threat detection integrations (e.g., SIEM, SOAR, XDR, OpenTelemetry)
  • Engage CISOs, security architects, and compliance stakeholders in technical and strategic conversations
  • Respond to RFPs, RFIs, and security assessments with high-quality technical documentation
  • Collaborate closely with Product and Engineering to provide customer-driven roadmap feedback
  • Present clearly to both technical and executive-level audiences
  • Work cross-functionally and support teammates to ensure successful deal outcomes
  • Willingness to accommodate customer schedules, including occasional evenings or weekends
What we offer
What we offer
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
  • Fulltime
Read More
Arrow Right

Principal Consultant, Zero Trust Advisory, Proactive Services (Unit 42)

In this client-facing role, the Principal Consultant will lead complex Zero Trus...
Location
Location
Canada , Toronto
Salary
Salary:
151000.00 - 208000.00 USD / Year
paloaltonetworks.it Logo
Palo Alto Networks Italia
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years leading high-stakes cybersecurity advisory and risk management engagements for enterprise clients
  • Former professional services and consulting experience required
  • 3+ years of consulting experience architecting and deploying Zero Trust, SASE, or Identity-centric security models for large, multinational organizations
  • Strong track record in strengthening existing and developing net-new client relationships
  • Lead enterprise Zero Trust advisory engagements, translating business risk into actionable architectures aligned with NIST SP 800-207, NIST NCCoE Zero Trust use cases, and CISA Zero Trust Maturity Model
  • Design and deliver end-to-end Zero Trust architectures across IAM, network, endpoint, cloud, application, and security operations domains for large, complex enterprises
  • Perform enterprise security and architecture assessments to identify gaps, dependencies, and maturity levels, producing clear roadmaps toward an optimized Zero Trust posture
  • Serve as a trusted advisor to C-suite executives, board members, and senior leadership, while also engaging deeply with engineers, architects, and security operations teams
  • Create high-quality client-ready deliverables including reference architectures, target-state designs, migration roadmaps, executive presentations, and technical runbooks
  • Demonstrate solution architecture leadership, maintaining technical vision from strategy through detailed design and implementation
Job Responsibility
Job Responsibility
  • Drive high-value, billable Zero Trust transformation engagements that convert complex security challenges into resilient architectural outcomes
  • Simultaneously deliver elite advisory services to our clients and assist in scaling Unit 42’s Zero Trust practice through technical innovation and business development
  • Assess enterprise architectures to expose hidden zones of implicit trust and high-risk lateral movement paths
  • Analyze enterprise telemetry and policy logs to identify visibility gaps across identity, device, and network layers
  • Execute Zero Trust risk assessments grounded in best practices such as NIST SP 800-207, the CISA ZT Maturity Model, and MITRE ATT&CK to quantify architectural vulnerabilities
  • Devise strategic security transformation recommendations and solutions, to include Unit 42 services and Palo Alto Networks technology, to assist customers in reducing risks
  • Design risk-based control sets that prioritize identity-centric protection and least-privilege access
  • Audit the technical integration of SASE, Identity, EDR/XDR, and Cloud Security to ensure they function as a unified, automated fabric rather than a collection of disconnected silos
  • Develop ZT Roadmaps that provide clients with a realistic, phased path to retiring legacy perimeter defenses
  • Scope new opportunities with prospective clients, including drafting statements of work and responding to Requests for Proposals (RFPs)
What we offer
What we offer
  • restricted stock units
  • bonus
  • employee benefits
  • Fulltime
Read More
Arrow Right

Sr. Systems Engineer

PagerDuty is seeking a Senior Systems Engineer who will design, implement, and m...
Location
Location
Canada , Toronto
Salary
Salary:
98000.00 - 149000.00 CAD / Year
https://www.pagerduty.com Logo
PagerDuty
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of experience in enterprise network engineering and operations
  • 5+ years in a systems administration/engineering or IT support environment
  • Professional network certification (e.g., CCNP, JNCIP, or equivalent) or equivalent hands-on experience
  • Extensive experience with TCP/IP networking and routing protocols (e.g., BGP, OSPF), as well as experience with VPNs, wireless, and modern networking concepts in large-scale distributed environments
  • Demonstrated proficiency with network automation using Python, Ansible, Terraform, or similar tools
  • Experience working with IAM tools (Entra, Azure AD, Okta) and processes (account lifecycle, permissions, privileged account management)
  • Experience supporting a mixed endpoint environment including macOS and Windows
Job Responsibility
Job Responsibility
  • Design and implement scalable solutions across our global infrastructure—including office networks, endpoints, and cloud environments (AWS, GCP, Azure)—with a focus on reliability, security, and user experience
  • Own day-to-day operations of core infrastructure services (network, endpoints, identity, and access), ensuring availability, performance, and scalability across sites and cloud platforms
  • Provide Tier 2/3 incident response and problem-solving for complex infrastructure issues (network, systems, and connectivity), driving swift resolution and thorough root cause analysis to minimize impact
  • Implement and maintain security controls and policies across the network and systems, including firewall rules, segmentation, zero-trust principles, and IAM (Entra, Azure AD, Okta) to ensure secure, consistent access
  • Use monitoring, logging, and packet analysis tools to detect, diagnose, and remediate performance and reliability issues
  • proactively recommend and implement improvements across infrastructure components
  • Develop and maintain automation (e.g., Python, PowerShell, Bash, Ansible, Terraform, Workato, Zapier) to standardize configurations and streamline workflows for endpoints, network, identity, and access management
  • Partner with infrastructure and security teams to ensure network, endpoint, identity, and SaaS integrations follow best practices in Azure, AWS, and/or GCP, supporting secure and scalable hybrid environments
  • Provide advanced support to employees globally using ITSM tools such as Jira, and contribute to internal knowledge sharing and, where needed, user-facing training materials
  • Maintain clear, comprehensive documentation for infrastructure configurations, standards, runbooks, and procedures to support repeatable and reliable operations
What we offer
What we offer
  • Competitive salary
  • Comprehensive benefits package
  • Flexible work arrangements
  • Company equity
  • ESPP (Employee Stock Purchase Program)
  • Retirement or pension plan
  • Generous paid vacation time
  • Paid holidays and sick leave
  • Dutonian Wellness Days & HibernationDuty - companywide paid days off in addition to PTO
  • Paid parental leave: 22 weeks for pregnant parent, 12 weeks for non-pregnant parent (some countries have longer leave standards and we comply with local laws)
  • Fulltime
Read More
Arrow Right

Zero Trust Program Manager

You will partner closely with solution architects, engineers, cybersecurity prof...
Location
Location
United States , Fort Meade
Salary
Salary:
99000.00 - 225000.00 USD / Year
boozallen.com Logo
Booz Allen Hamilton
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of experience in system design, performance optimization, and cross-functional collaboration in engineering or technical roles
  • Experience shaping cyber defense strategies and transitioning technical innovations into operational environments
  • Experience identifying and addressing capability gaps within DCO portfolios
  • Ability to drive technical innovation and guide multidisciplinary teams delivering mission-critical solutions
  • Secret clearance
  • HS diploma or GED
Job Responsibility
Job Responsibility
  • Lead and guide cross-functional teams in the design, implementation, and delivery of advanced Defensive Cyber Operations (DCO) solutions
  • Provide programmatic oversight for cyber defense and Zero Trust initiatives, ensuring alignment with mission objectives and organizational strategy
  • Manage and execute cybersecurity and Zero Trust assessments, translating findings into actionable roadmaps and technical solutions
  • Shape and advance Zero Trust strategy across the company, including future-state capabilities and phased implementation approaches
  • Identify capability gaps within the DCO portfolio and recommend, develop, and drive innovative solutions
  • Balance mission needs and security requirements by providing alternative architectures and customized cyber defense approaches
  • Engage and collaborate with internal and external stakeholders, including senior leadership, mission partners, and clients
  • Drive technical innovation by leveraging market knowledge, emerging technologies, and best practices
  • Lead a team of cybersecurity professionals to advance Zero Trust and defensive cyber operations efforts across the company
  • Identify opportunities to improve cyber missions of national importance and protect critical assets
What we offer
What we offer
  • health, life, disability, financial, and retirement benefits
  • paid leave
  • professional development
  • tuition assistance
  • work-life programs
  • dependent care
  • recognition awards program
Read More
Arrow Right

IAM - Privileged Access Management Principal

Principal PAM Architect to lead the strategy, architecture, design, and implemen...
Location
Location
United States , Houston
Salary
Salary:
117500.00 - 270000.00 USD / Year
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience)
  • 8+ years in cybersecurity or IT with demonstrated hands-on PAM specific experience in enterprise-scale environments
  • Proven experience in architecture, design, and implementation of PAM solutions across large, complex enterprises
  • Deep technical expertise with CyberArk (Privileged Cloud and on-prem)
  • Strong knowledge of Zero Trust principles, JIT/JEA access models, and privileged identity lifecycle management
  • Experience integrating PAM with cloud platforms (Azure, AWS, GCP), DevOps pipelines, and enterprise IT ecosystems
  • Experience with secrets management platforms (CyberArk Conjur, HashiCorp Vault, AWS Secrets Manager, etc.)
  • Working knowledge of modern authentication standards (SAML, OIDC, FIDO2, MFA, passwordless)
  • Hands-on expertise with Windows, Linux, Active Directory, and cloud IAM models
  • Good understanding of the privilege access models of Active Directory, Azure/Entra ID, AWS and GCP
Job Responsibility
Job Responsibility
  • Define PAM strategy, roadmap, and reference architectures aligned to enterprise security and compliance requirements
  • Design and implement scalable PAM solutions for large, complex environments across on-prem, hybrid, and multi-cloud infrastructures
  • Incorporate Zero Trust, Just-in-Time (JIT), and Just Enough Access (JEA) models into PAM solutions
  • Lead the enterprise rollout and lifecycle management of CyberArk Privileged Cloud and related modules
  • Implement and manage privileged session monitoring, endpoint privilege management (EPM), and application-to-application password management
  • Drive integration of PAM with identity providers, SIEM/SOAR, ITSM, and DevOps pipelines
  • Establish and enforce policies for privileged access governance, auditing, and regulatory compliance
  • Conduct regular reviews of PAM controls to prevent credential theft, lateral movement, and unauthorized access
  • Act as the PAM subject matter expert (SME), advising executives, architects, and engineering teams on privileged access security
  • Mentor and guide engineering teams on PAM best practices and secure operations
What we offer
What we offer
  • Health & Wellbeing benefits
  • Personal & Professional Development programs
  • Unconditional Inclusion environment
  • Comprehensive benefits suite supporting physical, financial and emotional wellbeing
  • Fulltime
Read More
Arrow Right

Network Engineer

We seek skilled resources to provide comprehensive 24/7 Level 2 and Level 3 netw...
Location
Location
Salary
Salary:
Not provided
flint-international.com Logo
Flint International
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in network operational support and production engineering within large enterprises or financial institutions
  • Proven ability to diagnose and resolve complex network issues
  • Strong stakeholder management and resilience under pressure
  • Solid understanding of LAN/WAN technologies and protocols (e.g., ACI-like fabrics, IOS-type OS, NX-OS-style systems, SD-WAN, BGP, OSPF)
  • Knowledge of multi-vendor firewall platforms (Fortinet, ASA-type systems, microsegmentation platforms)
  • Experience with remote access technologies (VPN clients, cloud security gateways)
  • Proficiency with DNS/DHCP platforms (e.g., Infoblox), load balancers (F5, VMware), and proxy products (e.g., Zscaler)
  • Strong TCP/IP and SSL troubleshooting skills (using tcpdump, Wireshark, etc.)
  • Deep understanding of network virtualization, cloud, and automation concepts
  • Expertise with programming/automation and configuration management tools (Python, Ansible, SaltStack, Terraform)
Job Responsibility
Job Responsibility
  • Deliver 24×7 operational support for global networking, firewall, and load balancing technologies
  • Maintain and troubleshoot network equipment including routers, switches, firewalls, load balancers, and related infrastructure
  • Perform fault and performance management across large-scale environments
  • Identify, diagnose, and resolve complex network issues, including hardware faults and logical problems
  • Collect diagnostic data, document incidents, and track progress in line with SLA requirements
  • Manage escalations, isolate incidents, and implement workarounds
  • Collaborate with vendors and service providers for device and service restoration
  • Coordinate and implement break/fix activities, planned changes, patching, and maintenance following change management processes
  • Assess and amend existing network devices and configurations in a controlled manner
  • Make key decisions regarding fault or change impacts on users and infrastructure
Read More
Arrow Right

Senior GCP DevOps Engineer

We are supporting a major global IT services provider delivering platform engine...
Location
Location
United Kingdom
Salary
Salary:
Not provided
xcede.com Logo
Xcede
Expiration Date
May 15, 2026
Flip Icon
Requirements
Requirements
  • CI/CD and IaC automation using: GitHub Actions
  • Terraform Enterprise
  • Ansible Automation Platform
  • GitOps operations using Argo CD
  • Kubernetes platform lifecycle management
  • Terraform workspace and module design across cloud environments
  • Secrets lifecycle and vault patterns (e.g. Akeyless)
  • Multi-stage infrastructure and application pipelines
  • Building reusable Golden Path infrastructure modules
  • Kubernetes operations and patch automation
Job Responsibility
Job Responsibility
  • Platform Engineering & Operations: Build, operate and continuously improve lab and production platforms across Google Cloud (GKE / GKE On-Prem / GDC)
  • Manage Kubernetes clusters at scale, including: Cluster lifecycle management
  • Upgrades and patching
  • Day 0 / Day 1 / Day 2 automation
  • Drift remediation and reliability engineering
  • Implement GitOps-first operations using Argo CD
  • Enforce platform standards, configuration baselines and compliance evidence collection
  • Automation & Infrastructure as Code: Engineer consistent infrastructure across public and private cloud environments using: Terraform Enterprise
  • Ansible Automation Platform
  • Metalsoft
Read More
Arrow Right