At Freddie Mac, you will do important work to build a better housing finance system and you'll be part of a team helping to make homeownership and rental housing more accessible and affordable across the nation.

Position Overview:

The Freddie Mac Red Team is responsible to test the overall strength of our organization's defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker. We are seeking an Information Security Tech Lead to assist the team by providing subject matter expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, and Purple Team. In this role, the candidate will provide enhanced vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness.

• Simulate real-world threat actors targeting the organization's people, processes, and technology to expose risk within the environment.
• Develop custom exploits, tooling, and infrastructure to evade defensive controls and further team objectives.
• Go beyond Nessus scanning to lead red team assessments and penetration tests playing a critical role in their success.
• Work closely with defensive analysts to update detections and ensure adequate coverage after an operation is complete.
• Collaborate with stakeholders to scope prospective engagements and provide thorough out briefings after assessments are complete. Provide guidance on vulnerability remediation and track progress through to completion.
• Contribute to the development and improvement of security policies, standards, and guidelines.
• Demonstrate a team-oriented mindset adept at learning the latest technologies; train and mentor less experienced team members on penetration tactics and techniques.

• Generate innovative ideas and challenge the status quo
• Develop scripts, tools, or methodologies to enhance the Red teaming processes and capabilities
• Participate in and actively support mentoring with other members of the team
• Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff

• 8-10 years of relevant experience performing penetration testing, offensive security assessments, Purple Team engagements.
• One or more technical certifications: OSCP, OSWE, OSED, OSEP, OSEE, GPEN, CRTO, GXPN, or similar.
• Experience with one or more Object Oriented language (C/C++, C#, Go, etc).
• Working knowledge of one or more scripting language (Python, PowerShell, BASH, etc.).
• Experience bypassing modern defensive controls such as EDRs, network defenses, email filters, etc.
• Experience creating custom tools and modifying existing tools to automate workflows and simulate threat actor activities.
• Experience hunting for vulnerabilities and developing exploits.
• In depth knowledge of cloud technologies as it relates to crafting red team infrastructure, and offensive security testing.
• Advanced usage of Cobalt Strike or similar C2 framework including creation of Aggressor Scripts, Beacon Object Files (BOF), and associated infrastructure.

• Strong communication skills
• Leadership
• Ability to work independently, as well as effectively work in teams with individuals with a variety of skills and backgrounds