Full Time Posted 18 days ago
powertofly approved What Freddie Mac Has to Offer:

Freddie Mac makes home possible for millions of families and individuals by providing mortgage capital to lenders. Benefits include:

  • Flexible work arrangements
  • Home benefit program
  • Student loan repayment benefit
  • Paid parental leave
  • At Freddie Mac, you will do important work to build a better housing finance system and you’ll be part of a team helping to make homeownership and rental housing more accessible and affordable across the nation.

    As part of Freddie Mac’s return to the office pilot, all employees, contingent workers and visitors must be fully vaccinated against COVID-19 in order to be on-site unless they have an approved accommodation.

    Position Overview:

    We are seeking an Information Security Senior to provide domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering! In this role, the candidate will provide improved vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness.

    Your Work Falls into Three Primary Categories:

    Penetration Testing and Red Team assessments

    - Perform internal and external penetration testing of network infrastructure and applications

    - Perform Red team assessments including physical, social engineering, and network exploitation

    - Perform well controlled vulnerability exploitation/penetration testing on applications, network protocols, and databases

    - Perform network reconnaissance, OSINT, social engineering, and physical security reviews

    - Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards

    - Effectively communicate findings and strategy to stakeholders, including technical staff and executive leadership

    - Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement

    Purple Team and Adversary simulations

    - Participate in regular Purple team exercises and perform adversary simulations to test defense controls

    - Assist with scoping prospective engagements, leading engagements from kickoff through remediation

    - Work closely with Blue team to test efficacy of existing alerts and help create new detection.

    - Create findings reports and communicate to stakeholders

    Enhance toolkits, processes and runbooks

    - Contribute to enhancing the team’s toolkit

    - Write custom scripts to automate tasks related to finding new vulnerabilities

    - Maintain runbooks to continually improve penetration testing methodologies and threat modelling.

    **This position can be performed from a remote location in the U.S.***

    Our Impact:

    The Red team is responsible for testing the overall strength of our organization’s defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker!

    Your Impact:

    This role provides domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, as well as Red Team and Purple Team internal engagements. Additionally, you will provide improved vulnerability analysis and contextual feedback to partners to support the resolution of discovered vulnerabilities and facilitate risk awareness.


    • 8-10 years of experience in Penetration testing, Red Team and Purple Team

    • Bachelor of Science in Engineering, Computer Science, Information Technology, or equivalent work experience

    • Advanced knowledge in common penetration testing tools (Metasploit, Burp Suite, Cobalt Strike, Empire, KALI Linux etc.)

    • Must have a demonstrable understanding of voice and data networks, major operating systems, active directory, cloud technologies

    • Must demonstrate knowledge of MITRE’s ATT&CK framework, execute and chain TTP’s

    • Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms.

    • Ability to optimally code in a scripting language (Python, Bash, PowerShell, Perl, etc.)

    • Required certifications: OSCP

    Key to success in this role

    • Good communication skills

    • Detail-oriented

    • Ability to work independently, as well as optimally work in teams with individuals with a variety of skills and backgrounds

    Current Freddie Mac employees please apply through the internal career site.

    Today, Freddie Mac makes home possible for one in four home borrowers and is one of the largest sources of financing for multifamily housing. Join our smart, creative and dedicated team and you’ll do important work for the housing finance system and make a difference in the lives of others.

    We are an equal opportunity employer and value diversity and inclusion at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by applicable law. We will ensure that individuals with differing abilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

    Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit www.BountyJobs.com and register with our referral code: MAC.

    Time-type:Full time

    Job Category:Information Technology

    FLSA Status:Exempt
    We're connecting diverse talent to big career moves. Meeting people who boost your career is hard - yet networking is key to growth and economic empowerment. We’re here to support you - within your current workplace or somewhere new. Upskill, join daily virtual events, apply to roles (it’s free!).
    Are you hiring? Join our platform for diversifiying your team
    Red Team Penetration Tester – Technical Lead (remote)