Freddie Mac - McLean, VA
posted 2 months ago
At Freddie Mac, you will do important work to build a better housing finance system and you'll be part of a team helping to make homeownership and rental housing more accessible and affordable across the nation. The Freddie Mac Red Team is responsible for testing the overall strength of our organization's defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker. We are seeking an Information Security Tech Lead to assist the team by providing subject matter expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, and Purple Team. In this role, the candidate will provide enhanced vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness. Responsibilities include conducting penetration testing and Red Team assessments, simulating real-world threat actors targeting the organization's people, processes, and technology to expose risk within the environment. The candidate will develop custom exploits, tooling, and infrastructure to evade defensive controls and further team objectives. They will go beyond Nessus scanning to lead red team assessments and penetration tests, playing a critical role in their success. Close collaboration with defensive analysts is essential to update detections and ensure adequate coverage after an operation is complete. The candidate will also collaborate with stakeholders to scope prospective engagements and provide thorough out briefings after assessments are complete, as well as provide guidance on vulnerability remediation and track progress through to completion. Additionally, the candidate will contribute to the development and improvement of security policies, standards, and guidelines, demonstrating a team-oriented mindset adept at learning the latest technologies. They will train and mentor less experienced team members on penetration tactics and techniques, generating innovative ideas and challenging the status quo. The role also involves developing scripts, tools, or methodologies to enhance the Red teaming processes and capabilities, participating in and actively supporting mentoring with other members of the team, and assisting with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff.