Web Application Penetration Tester Technical Lead In Office or Remote
Web Application Penetration Tester Technical Lead In Office or Remote
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
At Freddie Mac you will do important work to build a better housing finance system and youll be part of a team helping to make homeownership and rental housing more accessible and affordable across the nation.
Position Overview:
The Freddie Mac Red Team is responsible to test the overall strength of our organizations defenses (the technology the processes and the people) by simulating the objectives and actions of an attacker. We are seeking an Information Security Tech Lead to assist the team by providing subject matter expertise in Penetration testing of Infrastructure and Networks Web Applications Cloud and Social engineering and Purple Team. In this role the candidate will provide enhanced vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness.
Responsibilities include:
Penetration Testing and Red Team assessments
Lead and perform web application penetration assessments collaborating with stakeholders to scope engagements translate complex security concepts and provide tailored remediations
Proactively search for vulnerabilities in web applications web APIs cloud environments etc. throughout Freddie Mac
Work together with other Red Team members to integrate web application security into broader threat emulation scenarios
Develop and maintain scripts tools and methodologies to enhance processes and capabilities
Provide mentorship and technical guidance to less experienced team members
Contribute to the development and improvement of security policies standards and guidelines
Develop Team Capabilities and Leadership
Generate innovative ideas and challenge the status quo
Develop scripts tools or methodologies to enhance the Red teaming processes and capabilities
Participate in and actively support mentoring with other members of the team
Assist with scoping prospective engagements leading engagements from kickoff through remediation and mentoring less experienced staff
Our Impact:
The Freddie Mac internal Red Team is responsible to continuously test the overall strength of our organizations defenses (across all people process & technology) by simulating the objectives and actions of an attacker.
Your Impact:
In this role the candidate will contribute to a collaborative team as subject matter expertise in Web Application penetration testing on Freddie Macs internal Red Team. Additionally the candidate will provide enhanced vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness.
Qualifications
810 years of relevant experience in web application penetration testing
One or more technical certifications: OSWA OSWE Burp Suite Certified Practitioner eWPT eWPTX
Ability to critically examine web applications to identify exploit and remediate vulnerabilities (SQL injection XSS SSRF CSRF)
Solid understanding of related web technologies (HTTP DNS HTML JavaScript REST GraphQL Java .NET SQL/noSQL OAuth) and infrastructure (cloud native containers proxies webservers PaaS)
Indepth knowledge of secure development practices (DevSecOps secure code review) and security frameworks (OWASP CWE MITRE)
Proficient with common web application penetration testing tools (Burp Suite Project Discovery sqlmap)
Familiarity with WAF bypasses
Must be willing to work east coast hours
Key to success in this role
Webrelated public research (advisories disclosures)
Previous Bug Bounty or vulnerability disclosure experience
Proficiency in at least one scripting or programming language (Python JavaScript C# Java)
Current Freddie Mac employees please apply through the internal career site.
Today Freddie Mac makes home possible for one in four home borrowers and is one of the largest sources of financing for multifamily housing. Join our smart creative and dedicated team and youll do important work for the housing finance system and make a difference in the lives of others.
We are an equal opportunity employer and value diversity and inclusion at our company. We do not discriminate on the basis of race religion color national origin gender sexual orientation age marital status veteran status disability status or any other characteristic protected by applicable law. We will ensure that individuals with differing abilities are provided reasonable accommodation to participate in the job application or interview process to perform essential job functions and to receive other benefits and privileges of employment. Please contact us to request accommodation.
A safe and secure environment is critical to Freddie Macs business. This includes employee commitment to our acceptable use policy applying a vigilancefirst approach to work supporting regulatory mandates and using best practices to protect Freddie Mac from potential threats and risk. Employees exercise this responsibility by executing against policies and procedures and adhering to privacy & security obligations as required via training programs.
CA Applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.
Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more please visit www.BountyJobs and register with our referral code: MAC.
Timetype:Full timeFLSA Status:ExemptFreddie Mac offers a comprehensive total rewards package to include competitive compensation and marketleading benefit programs. Information on these benefit programs is available on our Careers site.
This position has an annualized marketbased salary range of $150000 $224000 and is eligible to participate in the annual incentive program. The final salary offered will generally fall within this range and is dependent on various factors including but not limited to the responsibilities of the position experience skill set internal pay equity and other relevant qualifications of the applicant.Employment Type
Full-Time
