Help us maintain the quality of jobs posted on PowerToFly. Let us know if this job is closed.
What Freddie Mac Has to Offer:
Freddie Mac makes home possible for millions of families and individuals by providing mortgage capital to lenders. Benefits include:
Job Type
Full Time
Job Details
At Freddie Mac, you will do important work to build a better housing finance system and you’ll be part of a team helping to make homeownership and rental housing more accessible and affordable across the nation. Position Overview: The Freddie Mac Red Team is responsible to test the overall strength of our organization’s defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker. We are seeking an Information Security Tech Lead to assist the team by providing subject matter expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, and Purple Team. In this role, the candidate will provide enhanced vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness. Responibilies include: Penetration Testing and Red Team assessments
- Perform Red Team assessments including physical, social engineering, and network exploitation
- Perform internal and external penetration testing of network infrastructure and applications
- Perform well controlled vulnerability exploitation/penetration testing on applications, network protocols, and databases
- Perform network reconnaissance, OSINT, social engineering, and physical security reviews
- Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards
- Effectively communicate findings and strategy to stakeholders, including technical staff and executive leadership
- Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
- Generate innovative ideas and challenge the status quo
- Develop scripts, tools, or methodologies to enhance the Red teaming processes and capabilities
- Participate in and actively support mentoring with other members of the team
- Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
- 8-10 years of relevant experience
- Must be very proficient with common penetration testing tools (Metasploit, Burp Suite, Cobalt Strike, Empire, etc.)
- Must have working knowledge of KALI Linux or other testing distributions, and the tools within.
- Must have a solid understanding of voice and data networks, major operating systems, active directory, cloud technologies
- Must demonstrate knowledge of MITRE’s ATT&CK framework, execute and chain TTP’s
- Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms.
- Cloud & C2 in-depth knowledge.
- Ability to effectively code in a scripting language (Python, Perl, etc.)
- Desirable certifications: OSCP, OSCE, OSWE, OSEE (AWE)
- Strong communication skills
- Leadership
- Ability to work independently, as well as effectively work in teams with individuals with a variety of skills and backgrounds
About the Company
Freddie Mac
Mclean, VA, United States
Careers with Impact Our mission of Making Home Possible is what motivates us, and it’s at the core of everything we do. Since our charter in 1970,... Read more