At Freddie Mac, you will do important work to build a better housing finance system and youll be part of a team helping to make homeownership and rental housing more accessible and affordable across the nation. Position Overview:The Freddie Mac Red Team is responsible to test the overall strength ofour organizations defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker. We are seeking an Information Security Tech Lead to assist the team by providing subject matter expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, and Purple Team. In this role, the candidate will provide enhanced vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness.Responibilies include:Penetration Testing and Red Team assessmentsPerform Red Team assessments including physical, social engineering, and network exploitationPerform internal and external penetration testing of network infrastructure and applicationsPerform well controlled vulnerability exploitation/penetration testing on applications, network protocols, and databasesPerform network reconnaissance, OSINT, social engineering, and physical security reviewsDemonstrate advanced understanding of business processes, internal control risk management, IT controls and related standardsEffectively communicate findings and strategy to stakeholders, including technical staff and executive leadershipIdentify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvementDevelop Team Capabilities and LeadershipGenerate innovative ideas and challenge the status quoDevelop scripts, tools, or methodologies to enhance the Red teaming processes and capabilitiesParticipate in and actively support mentoring with other members of the teamAssist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staffOur Impact:The Red team is responsible for testing the overall strength of our organizations defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker!Your Impact:This role provides domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, as well as Red Team and Purple Team internal engagements. Additionally, you will provide improved vulnerability analysis and contextual feedback to partners to support the resolution of discovered vulnerabilities and facilitate risk awareness.Qualifications8-10 years of relevant experienceMust be very proficient with common penetration testing tools (Metasploit, Burp Suite, Cobalt Strike, Empire, etc.)Must have working knowledge of KALI Linux or other testing distributions, and the tools within.Must have a solid understanding of voice and data networks, major operating systems, active directory, cloud technologiesMust demonstrate knowledge of MITREs ATT&CK framework, execute and chain TTPsMust be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms.Cloud & C2 in-depth knowledge.Ability to effectively code in a scripting language (Python, Perl, etc.)Desirable certifications: OSCP, OSCE, OSWE, OSEE (AWE)Key to success in this role Strong communication skillsLeadershipAbility to work independently, as well as effectively work in teams with individuals with a variety of skills and backgroundsCurrent Freddie Mac employees please apply through the internal career site.Today, Freddie Mac makes home possible for one in four home borrowers and is one of the largest sources of financing for multifamily housing. Join our smart, creative and dedicated team and youll do important work for the housing finance system and make a difference in the lives of others.We are an equal opportunity employer and value diversity and inclusion at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by applicable law. We will ensure that individuals with differing abilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit and register with our referral code: MAC.Time-type:Full timeFLSA Status:ExemptFreddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site. This position has an annualized market-based salary range of $144,000 – $216,000 and is eligible to participate in the annual incentive program. The final salary offered will generally fall within this range and is dependent on various factors including but not limited to the responsibilities of the position, experience, skill set, internal pay equity and other relevant qualifications of the applicant.Job SummaryJob number: JR12864Date posted : 2024-05-06Profession: TechnologyEmployment type: Full time
awe Innovativeness Python network-protocols Databases cloud-platforms hybrid Information security Perl Communication remote work scripting risk management OffSec Certified Professional (OSCP) penetration-testing Technical Lead OSINT kali-linux business-process-management Leadership