Red Team Penetration Tester - Technical Lead (Hybrid or Remote Work Schedule)

Posted 15 Days Ago
Be an Early Applicant
Headquarters, AZ
144K-216K Annually
7+ Years Experience
Financial Services
The Role
As a Red Team Penetration Tester - Technical Lead at Freddie Mac, you'll simulate threat actors to assess vulnerabilities across technology, processes, and personnel. Your role involves leading penetration tests, developing custom tools, providing vulnerability feedback, and mentoring team members to enhance security capabilities.
Summary Generated by Built In

At Freddie Mac, you will do important work to build a better housing finance system and you’ll be part of a team helping to make homeownership and rental housing more accessible and affordable across the nation.

Position Overview:

The Freddie Mac Red Team is responsible to test the overall strength of our organization’s defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker. We are seeking an Information Security Tech Lead to assist the team by providing subject matter expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, and Purple Team. In this role, the candidate will provide enhanced vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness.

Responibilies include:

Penetration Testing and Red Team assessments

  • Simulate real-world threat actors targeting the organization’s people, processes, and technology to expose risk within the environment.

  • Develop custom exploits, tooling, and infrastructure to evade defensive controls and further team objectives.

  • Go beyond Nessus scanning to lead red team assessments and penetration tests playing a critical role in their success.

  • Work closely with defensive analysts to update detections and ensure adequate coverage after an operation is complete.

  • Collaborate with stakeholders to scope prospective engagements and provide thorough out briefings after assessments are complete. Provide guidance on vulnerability remediation and track progress through to completion.

  • Contribute to the development and improvement of security policies, standards, and guidelines.

  • Demonstrate a team-oriented mindset adept at learning the latest technologies; train and mentor less experienced team members on penetration tactics and techniques.

Develop Team Capabilities and Leadership

  • Generate innovative ideas and challenge the status quo

  • Develop scripts, tools, or methodologies to enhance the Red teaming processes and capabilities

  • Participate in and actively support mentoring with other members of the team

  • Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff

Our Impact:

The Red team is responsible for testing the overall strength of our organization’s defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker!

Your Impact:

This role provides domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, as well as Red Team and Purple Team internal engagements. Additionally, you will provide improved vulnerability analysis and contextual feedback to partners to support the resolution of discovered vulnerabilities and facilitate risk awareness.

Qualifications

  • 8-10 years of relevant experience performing penetration testing, offensive security assessments, Purple Team engagements.

  • One or more technical certifications: OSCP, OSWE, OSED, OSEP, OSEE, GPEN, CRTO, GXPN, or similar.

  • Experience with one or more Object Oriented language (C/C++, C#, Go, etc).

  • Working knowledge of one or more scripting language (Python, PowerShell, BASH, etc.).

  • Experience bypassing modern defensive controls such as EDRs, network defenses, email filters, etc.

  • Experience creating custom tools and modifying existing tools to automate workflows and simulate threat actor activities.

  • Experience hunting for vulnerabilities and developing exploits.

  • In depth knowledge of cloud technologies as it relates to crafting red team infrastructure, and offensive security testing.

  • Advanced usage of Cobalt Strike or similar C2 framework including creation of Aggressor Scripts, Beacon Object Files (BOF), and associated infrastructure.

Key to success in this role

  • Leadership

  • Strong communication skills

  • Ability to work independently, as well as effectively work in teams with individuals with a variety of skills and backgrounds

Current Freddie Mac employees please apply through the internal career site.

Today, Freddie Mac makes home possible for one in four home borrowers and is one of the largest sources of financing for multifamily housing. Join our smart, creative and dedicated team and you’ll do important work for the housing finance system and make a difference in the lives of others.

We are an equal opportunity employer and value diversity and inclusion at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by applicable law. We will ensure that individuals with differing abilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

CA Applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit www.BountyJobs.com and register with our referral code: MAC.

Time-type:Full time

FLSA Status:Exempt

Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site.

This position has an annualized market-based salary range of $144,000 - $216,000 and is eligible to participate in the annual incentive program. The final salary offered will generally fall within this range and is dependent on various factors including but not limited to the responsibilities of the position, experience, skill set, internal pay equity and other relevant qualifications of the applicant.

Top Skills

Bash
C#
C/C++
Go
Powershell
Python
The Company
HQ: McLean, VA
9,809 Employees
On-site Workplace
Year Founded: 1970

What We Do

Freddie Mac is serving America’s homebuyers, homeowners and renters by financing the creation and preservation of more affordable homeownership and rental opportunities, providing liquidity, stability and affordability to the housing market. We are Making Home Possible for families across the nation.

Jobs at Similar Companies

MassMutual India Logo MassMutual India

BI Platform Engineer

Big Data • Fintech • Information Technology • Insurance • Financial Services
Hyderabad, Telangana, IND

MyBambu Logo MyBambu

Internal Auditor

Fintech • Mobile • Other • Payments • Social Impact • Financial Services • App development
West Palm Beach, FL, USA
120 Employees

Energy CX Logo Energy CX

Strategic Account Executive

Greentech • Professional Services • Business Intelligence • Consulting • Energy • Financial Services • Utilities
Easy Apply
Chicago, IL, USA
55 Employees

Similar Companies Hiring

MyBambu Thumbnail
Social Impact • Payments • Other • Mobile • Fintech • Financial Services • App development
West Palm Beach, Florida
120 Employees
Energy CX Thumbnail
Utilities • Professional Services • Greentech • Financial Services • Energy • Consulting • Business Intelligence
Chicago, IL
55 Employees
MassMutual India Thumbnail
Insurance • Information Technology • Fintech • Financial Services • Big Data
Hyderabad, Telangana

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account