Charles Schwab · 15 hours ago
Zero Trust Architect
Southlake, TX
Full-time
Onsite
Senior Level, Lead/Staff
10+ years expCharles Schwab is a leading financial services firm that empowers its employees to make impactful contributions. The Zero Trust Architect will drive the firm’s network security and Zero Trust strategy, collaborating with various teams to develop and implement security solutions that enhance visibility and connectivity while ensuring compliance and safety.
Financial Services
Responsibilities
Responsible for defining an architectural vision for Zero Trust and architecture for large complex solutions, which aligns with the enterprise architecture strategy, technology, and platform choices
Ensures the solution is fit for purpose and use by working with stakeholders, vendors/service providers, and evaluating the impact of strategic design decisions
Contributes to best practices, guidelines, standard templates, and the architecture roadmap for defined domains
Creates security reference architecture patterns for reusability
Contributes to the creation of the architecture roadmap of defined domains (Business, Application, Data and Technology) in support of the product roadmap
Partner with Schwab counterparts to implement designs and technologies that reduce network security deficiencies and deliver on the network strategy
Translate/engineer architectural requirements and high-level design into a deployable and manageable implementation
Develop technical solutions to ensure 3rd party partners connect to us in a way that protects our systems and client data
Participate in development, implementation of security design & engineering principles and standards and build a network strategy that leaps the enterprise into a next gen approach
The Zero Trust Architect must interpret business, technology and threat drivers, and develop practical security roadmaps
Clarifies the architecture for the development teams to support implementation, and provides solution options to resolve any architectural impediments
Performs design reviews to ensure all non-functional requirements for a solution are sufficiently met (e.g. security, performance, maintainability, scalability, usability, and reliability)
Liaises with other security architects and security practitioners to share best practices and insights
Qualification
Required
4-year college/university degree required
Minimum 10+ years of experience in Cyber Security preferably in the financial services industry
Subject matter expertise in one or more of the following domains: Network Security
Deep understanding of core network security principles, such as Confidentiality, Integrity, and Availability (CIA triad)
Expertise in designing and implementing robust network security architectures, including firewalls, intrusion prevention systems (IPS), network segmentation, endpoint security, and access controls
Knowledge of current and emerging network threats like ransomware, phishing, zero-day exploits, insider threats, and IoT vulnerabilities
Proficiency in various security tools such as firewalls, intrusion detection/prevention systems (IDPS), virtual private networks (VPNs), encryption, Security Information and Event Management (SIEM), and endpoint security solutions
Familiarity with best practices for network security management, including regular updates, vulnerability assessments, incident response planning, network segregation, and strong access controls
Zero Trust Architecture like next generation access such as Security Service Edge (SSE) and Secure Access Service Edge (SASE) components
Understanding and ability to articulate the fundamental principles of Zero Trust: 'never trust, always verify,' verify explicitly, least-privilege access, and assume breach
Proficiency in managing user identities, implementing multi-factor authentication (MFA), role-based access control (RBAC), and attribute-based access control (ABAC) for fine-grained access control
Knowledge and experience in network micro segmentation to limit the impact of breaches and control lateral movement
Deep knowledge of the Zscaler Zero Trust Exchange platform and its various components, such as Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), Zscaler Digital Experience (ZDX), and Zscaler Workload Communications
Understanding of ZIA's capabilities for secure web gateway (SWG), SSL inspection, cloud firewall, data loss prevention (DLP), cloud access security broker (CASB), and threat protection
Proficiency in using ZPA to provide secure, direct access to private applications, and replacing traditional VPNs
Knowledge of ZDX for monitoring and improving user experience across applications and networks
Expertise in securing application-to-application communication in cloud and hybrid environments using Zero Trust principles
Experience with deploying, configuring, and managing Zscaler solutions, including client connectors, app connectors, policy creation, and integration with other security tools like SIEM and identity management systems
Ability to leverage Zscaler's cloud-native architecture to implement and extend Zero Trust principles across various environments, including remote work, hybrid clouds, and IoT/OT devices
Experience implementing/configuring cloud services and tools aligned to our security priorities
Demonstrates flexibility within a variety of changing situations, while working with individuals and groups
Excellent written and verbal communication skills
Strong ability to effectively communicate with and present to C level as well as the senior leadership team
Experience with assessment, development, implementation, integration, optimization, and documentation of a comprehensive and broad set of security technologies and processes in on premise, public, and private cloud environments
Experience with DevSecOps process, AI security, and data warehousing
Strong knowledge of enterprise security concepts/frameworks and products, secure design principles, and best practices
Experience implementing industry/compliance frameworks (NIST 800-53, CIS benchmarks, ISO 27000 series, COBIT, etc.)
Must be able to quickly and succinctly design and create technical solution/process documentation
Must be a self-starter, strong leader who is able to influence senior engineers and architects; work with limited supervision & be able to work well with others in a globally diverse IT environment
Preferred
CISSP, CCSP, and TOGAF certification preferred. Other related certifications a plus
Benefits
401(k) with company match and Employee stock purchase plan
Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
Paid parental leave and family building benefits
Tuition reimbursement
Health, dental, and vision insurance
Company
Charles Schwab
We have plans for every turn you take.
10001+ employees
H1B Sponsorship
Charles Schwab has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (455)
2024 (468)
2023 (455)
2022 (705)
2021 (483)
2020 (282)
Funding
Current Stage
Late StageLeadership Team
J
Jim McGreevy
Senior Project Manager
Recent News
2025-10-04
Morningstar.com
2025-09-28
Company data provided by crunchbase