Cyber Security Analyst III

Fannie Mae Corp Reston , VA 20190

Posted 5 months ago


Fannie Mae provides reliable, large-scale access to affordable mortgage credit in communities across our nation. We are the leading source of funding for housing in America, which means more people can buy or rent a home. We are focused on sustaining the housing recovery, improving our company, and leading change to make housing better.

Join our diverse, high-performing team and make a difference as we work together to enable access to a good home.

For more information about Fannie Mae, visit


Design and administer procedures in the organization that sustain the security of the organization's data and access to its technology and communications systems. Assess risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization's systems and the data contained in them. Track security violations and identify trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security. May lead or execute simulated attacks or security violations to assess the organization's data security measures.


  • Conduct platform or operating system vulnerability scans which assess exposure of system to attacks or hacking. Respond to questions regarding viral activity, concerns about spam/phishing etc. Produce reports.

  • Serve as organization's POC for the third party certification of security procedures and use of cyber security protections. Ensure that system's security controls, policies and procedures examined, measured and validated against third party standards.

  • Design, plan and implement test strategies to support the core infrastructure in the contingency environment for all critical business applications to ensure business continuity in the event of a major business interruption or disaster.

  • Lead projects as related to technology refresh/evaluation such as Load Balancing and SSL technology. Research corrective measures (long term solutions) needed for any chronic issues identified that compromise security of particular systems or platforms.

  • Participate in developing and testing of new methodologies and systems for recovery of the critical core business processes and the enterprise infrastructure.

  • May serve as technical lead or project lead in projects involving testing defenses against hacking, Denial of service, spam, break-ins, or related attacks. Provide technical guidance to less senior staff or applications developers/systems administrators.


  • Bachelor's Degree or equivalent required


  • 4 years of related experience


  • Demonstrable knowledge of Application security, risk assessment, validation of security penetration/Dynamic test results, static code testing/scanning/analysis and vulnerability resolution

  • Demonstrable knowledge of secure coding practices and the ability to conduct security assessments and analysis of applications

  • Ability to review application source code for vulnerabilities, using both manual and automated code scanning techniques

  • Ability to identify vulnerabilities in closed source applications through dynamic security assessments

  • Ability to identify and explain the risks associated with common application vulnerabilities, demonstrate exploitation, and recommend mitigation options

  • Ability to initiate and promote activities to foster Information Security awareness and education among application development

  • Ability to create and maintain malware / phishing campaigns

  • Strong scripting / automation skills (particularly in the languages of Python, Java, and JavaScript)

  • Information security and application security or application development experience

  • Ability to coordinate activity among multiple teams, both technical and non-technical

  • Strong verbal and written communications skills; comfortable briefing senior management

  • Strong interpersonal skills for developing relationships with individuals and teams across the enterprise

  • Ability to provide creative solutions and workarounds for difficult problems in a fast paced environment


  • Strong understanding of fundamental Application Security concepts, including common types of attacks and exploitation techniques

  • Experience with various application security tools (name a few--BURP, ZAP, Kali, WebInspect/AppScan, dependency check, fortify, Sonatype)

  • Strong understanding and knowledge of the Cyber Kill Chain / MITRE ATT&CK Framework

  • Solid understanding of common web and systems application vulnerabilities

  • Familiarity with key security concepts/frameworks such as OWASP, CVE, and CVSS

  • Familiarity with emerging applications security exploits and willingness to research them

  • Familiarity with AWS and containers is preferred but not required

  • Prior development background is preferred but not required

  • Familiarity with Mobile application security assessment preferred but not required

  • Familiarity with security automation preferred but not required

  • Prior Threat Intelligence experience preferred but not required


As a condition of employment with Fannie Mae, any successful job applicant will be required to pass to successfully complete a background investigation.

Fannie Mae is an Equal Opportunity Employer.

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Sr Cyber Security Analyst

Engility Corporation

Posted 2 days ago

VIEW JOBS 11/14/2019 12:00:00 AM 2020-02-12T00:00 The SAIC Cyber Security Analyst is responsible for shift lead duties related to the real-time 24/7 monitoring, analysis, and resolution of identified security events. Will support daily security operations center activities utilizing a SIEM and monitor events from multiple sources including but not limited to firewall logs, system logs (Unix and Windows), network and host based intrusion detection systems, applications, databases, and other security information monitoring tools. * Perform threat and vulnerability assessment and provide subject matter expertise on appropriate threat mitigation. * Identify intrusion activity by leveraging alert data from multiple sensors and systems and determine priority for response. * Leverage threat intelligence e.g. DSIE, NCFTA while actively monitoring critical infrastructure components. * Assess the impact of potentially malicious traffic on company network and infrastructure. * Perform in-depth analysis of anomalies in support of network monitoring and incident response operations. * Perform live incident response (reactive and proactive incident management) by identifying and remediating malicious applications and infrastructure components. * Collaborate with other Information Security and IT team members to develop and implement innovative strategies for monitoring and preventing attacks. * Develop appropriate metrics (key risk and performance indicators) to measure the monitoring program and related process. * Develop/Monitor basic IDS/IPS rules to identify and/or prevent malicious activity. * Develop and test new correlation content and use cases using SIEM filters, rules, data monitors, active lists, and session lists * Conduct research of emerging security threats. * Propose additional components and techniques that could be used to proactively detect and prevent malicious activity. * Provide other services as a key member of the Cyber Security Operations Team: * Security review and administration of changes to networks, servers and end point devices in collaboration with network operations. * Security sensor policies for IDS/IPS, Firewalls, web security gateway, logging. * Continuous Control Monitoring including Baseline Security - Configuration monitoring. - Investigations and Forensics * Provide escalated response and support to intrusion or security breach investigations * Documentation of all incidents and tickets in the appropriate systems before the end of each shift * Participate in knowledge sharing with other analysts and writing technical articles for Internal Knowledge Bases * Present with confidence, findings of an investigation * Designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions. * Conducts risk and vulnerability assessment at the network, system and application level. * Conducts threat modeling exercises. * Develops and implements security controls and formulates operational risk mitigations along with assisting in security awareness programs. * Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access. * Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. * Utilizes tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions. * Assists in the implementation of the required policy and makes recommendations on process tailoring. * Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. * Supports security tests and evaluations required by any government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. * Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed. May support cyber metrics development, maintenance and reporting. * May provide briefings to senior staff. * Performing documentation review and improvement * Attending meetings as needed * Communicate and escalate issues and incidents as required by process or management * Additional responsibilities will include the ability to perform shift lead duties and train, mentor, and provide oversight to Junior Security Analysts. TYPICAL EDUCATION AND EXPERIENCE: Bachelors and two (2) years or more experience; Masters and 0 years related experience. Engility Corporation Reston VA

Cyber Security Analyst III

Fannie Mae Corp