Offensive Security Engineer - Senior Technical Lead (In Office or Remote) Join to apply for the Offensive Security Engineer - Senior Technical Lead (In Office or Remote) role at Freddie Mac Offensive Security Engineer - Senior Technical Lead (In Office or Remote) Join to apply for the Offensive Security Engineer - Senior Technical Lead (In Office or Remote) role at Freddie Mac At Freddie Mac, our mission of Making Home Possible is what motivates us, and it’s at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose.

Position Overview:

We are seeking a multi-faceted offensive security engineer to join the Freddie Mac internal Red Team, with the skills to hunt for vulnerabilities, develop custom exploits, and attack diverse platforms!

Our Impact:

The Freddie Mac internal Red Team is responsible for continuously testing the overall strength of our organization’s defenses (across all people, process, & technology) by simulating the objectives and actions of an attacker.

Your Impact:

In this role, the candidate will contribute to a collaborative team as a subject matter expert in security assessments across various domains, including adversarial simulation, infrastructure, networks, web applications, cloud security, social engineering, and Purple Team engagements. Additionally, the candidate will provide enhanced vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness.

What To Expect (Job Responsibilities)

Plan and execute red team engagements to simulate real-world attacks, demonstrate impact, and evaluate protections Go beyond Nessus scanning to proactively hunt for vulnerabilities in web applications, critical systems, and other assets throughout Freddie Mac Collaborate with stakeholders to scope engagements, translate complex security concepts, and provide tailored remediation Conduct in-depth research to develop custom exploits, proof-of-concept attacks, and defense evasions Develop and maintain scripts, tools, and methodologies to enhance processes and capabilities Work closely with Blue Team to continually improve detection and response capabilities Provide mentorship and technical guidance to less experienced team members Stay current with emerging tactics, new exploits, and security research, integrating relevant insights into Red Teams daily operations

Qualifications:

10+ years of relevant experience red teaming, penetration testing, exploit development, or web application security testing Two or more technical certifications: OSCP, OSED, OSEP, OSEE, CRTO, OSWE, Burp Suite Certified Practitioner, eWPT, eWPTX Proficiency in multiple programming languages (C/C++, C#, Go, Python, PowerShell) for exploit development and automation Proven track record of developing custom exploits, reverse-engineering, or otherwise demonstrating deep vulnerability research skills Experience bypassing modern defensive controls such as EDRs, network defenses, email filters, etc. Advanced usage of Cobalt Strike, NightHawk, or similar C2 framework including creation of Aggressor Scripts, Beacon Object Files (BOF), and associated infrastructure. Experience creating offensive tools to automate workflows and simulate threat actor activities In depth knowledge of cloud technologies as it relates to crafting red team infrastructure, and offensive security testing (preferred) Experience in or solid understanding of assessing and exploiting AI and cloud systems (preferred) Previous Bug Bounty or vulnerability disclosure experience (preferred) Master’s degree in Information Systems Engineering, Computer Science, Engineering, Information Security, Cyber Security, Information Assurance, or related field (preferred) Must be willing to work east coast hours

Key to success in this role

Passion for cyber security Leadership Strong communication skills Ability to work independently, as well as effectively work in teams with individuals with a variety of skills and backgrounds

Current Freddie Mac employees please apply through the internal career site.

We consider all applicants for all positions without regard to gender, race, color, religion, national origin, age, marital status, veteran status, sexual orientation, gender identity/expression, physical and mental disability, pregnancy, ethnicity, genetic information or any other protected categories under applicable federal, state or local laws. We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

A safe and secure environment is critical to Freddie Mac’s business. This includes employee commitment to our acceptable use policy, applying a vigilance-first approach to work, supporting regulatory mandates, and using best practices to protect Freddie Mac from potential threats and risk. Employees exercise this responsibility by executing against policies and procedures and adhering to privacy & security obligations as required via training programs.

CA Applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit www.BountyJobs.com and register with our referral code: MAC.

Time-type:Full time

FLSA Status:Exempt

Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site.

This position has an annualized market-based salary range of $172,000 - $258,000 and is eligible to participate in the annual incentive program. The final salary offered will generally fall within this range and is dependent on various factors including but not limited to the responsibilities of the position, experience, skill set, internal pay equity and other relevant qualifications of the applicant. Seniority level Seniority level Mid-Senior level Employment type Employment type Full-time Job function Job function Information Technology Referrals increase your chances of interviewing at Freddie Mac by 2x Get notified about new Senior Security Engineer jobs in McLean, VA . Arlington, VA $85,000.00-$145,000.00 3 weeks ago Staff Security Operations Engineer (Observability & Automation) Washington, DC $125,000.00-$170,000.00 3 weeks ago Security Engineer (SIEM/SOAR/SOC Optimization) - Mid-Atlantic region (Remote in NC, VA, WV, MD, DC, DE, NJ, or PA) McLean, VA $77,600.00-$176,000.00 2 weeks ago District of Columbia, United States $100,000.00-$105,000.00 2 days ago Arlington, VA $80,000.00-$94,000.00 6 days ago Arlington, VA $98,000.00-$115,000.00 4 months ago Senior Application Security Engineer - Veracode/Burp SME Senior Data Mining and Analytics Engineer (Security Clearance Required) - Remote work - Local DC Metro or FL Arlington, VA $107,936.00-$183,491.00 5 hours ago Senior Engineer - Product Security, Cybersecurity (REMOTE) Chevy Chase, MD $105,000.00-$215,000.00 2 hours ago Forward Deployed Engineer - National Security (TS/SCI) Washington, DC $200,000.00-$275,000.00 1 week ago Senior Security Engineer I (Data Security) Staff DevOps Engineer (Security Clearance Required) Sr. Security Analytics Engineer (REMOTE) Chevy Chase, MD $105,000.00-$230,000.00 2 hours ago Enterprise Solutions and Proposal Architect - Citizen Security and Public Services Reston, VA $176,000.00-$282,000.00 1 month ago Washington, DC $171,900.00-$249,100.00 2 weeks ago McLean, VA $77,600.00-$176,000.00 2 weeks ago Washington, DC $120,000.00-$134,000.00 1 week ago Databricks Security Engineer, Senior (Security Clearance) -Remote work local to DC Metro or FL Arlington, VA $107,936.00-$183,491.00 1 week ago Washington, DC $120,000.00-$132,000.00 2 weeks ago Washington, DC $135,000.00-$200,000.00 3 weeks ago Defensive Security Analyst-Washington, DC Washington, DC $110,000.00-$160,000.00 1 week ago Reston, VA $110,000.00-$135,000.00 2 weeks ago District of Columbia, United States 3 weeks ago Washington, DC $145,000.00-$160,000.00 5 days ago Operational Technology (OT) Asset Visibility and Security Engineer Falls Church, VA $125,528.00-$169,832.00 4 hours ago We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr