Fannie Mae provides reliable, large-scale access to affordable mortgage credit in communities across our nation. We are the leading source of funding for housing in America, which means more people can buy or rent a home. We are focused on sustaining the housing recovery, improving our company, and leading change to make housing better.
Join our diverse, high-performing team and make a difference as we work together to enable access to a good home.
For more information about Fannie Mae, visit http://www.fanniemae.com/progress
Design and administer procedures in the organization that sustain the security of the organization's data and access to its technology and communications systems. Assess risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization's systems and the data contained in them. Track security violations and identify trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security. May lead or execute simulated attacks or security violations to assess the organization's data security measures.
KEY JOB FUNCTIONS
Conduct platform or operating system vulnerability scans that assess the exposure of systems to attacks or hacking. Respond to questions regarding viral activity, concerns about spam/phishing, etc. Produce reports.
Serve as the organization's POC for the third-party certification of security procedures and use of cyber security protections. Ensure that the system's security controls, policies and procedures are examined, measured and validated against third-party standards.
Design, plan and implement test strategies to support the core infrastructure in the contingency environment for all critical business applications to ensure business continuity in the event of a major business interruption or disaster.
Lead projects as related to technology refresh/evaluation such as Load Balancing and SSL technology. Research corrective measures (long term solutions) needed for any chronic issues identified that compromise security of particular systems or platforms.
Participate in developing and testing of new methodologies and systems for recovery of the critical core business processes and the enterprise infrastructure.
May serve as technical lead or project lead in projects involving testing defenses against hacking, denial of service, spam, break-ins, or related attacks. Provide technical guidance to less senior staff or applications developers/systems administrators.
SPECIALIZED KNOWLEDGE & SKILLS
Demonstrable knowledge of Application security, risk assessment, validation of security penetration/Dynamic test results, static code testing/scanning/analysis and vulnerability resolution
Demonstrable knowledge of secure coding practices and the ability to conduct security assessments and analysis of applications
Ability to review application source code for vulnerabilities, using both manual and automated code scanning techniques
Ability to identify vulnerabilities in closed source applications through dynamic security assessments
Ability to identify and explain the risks associated with common application vulnerabilities, demonstrate exploitation, and recommend mitigation options
Ability to initiate and promote activities to foster Information Security awareness and education among application development teams
Ability to create and maintain malware / phishing campaigns
Information security and application security or application development experience
Ability to coordinate activity among multiple teams, both technical and non-technical
Strong verbal and written communications skills; comfortable briefing senior management
Strong interpersonal skills for developing relationships with individuals and teams across the enterprise
Ability to provide creative solutions and workarounds for difficult problems in a fast paced environment
Strong understanding of fundamental Application Security concepts, including common types of attacks and exploitation techniques
Experience with various application security tools (to name a few: Burp, ZAP, Kali, WebInspect/AppScan, Dependency-Check, Fortify, Sonatype)
Strong understanding and knowledge of the Cyber Kill Chain / MITRE ATT&CK Framework
Solid understanding of common web and systems application vulnerabilities
Familiarity with key security concepts/frameworks such as OWASP, CVE, and CVSS
Familiarity with emerging applications security exploits and willingness to research them
Familiarity with AWS and containers is preferred but not required
Prior development background is preferred but not required
Familiarity with Mobile application security assessment preferred but not required
Familiarity with security automation preferred but not required
Prior Threat Intelligence experience preferred but not required
As a condition of employment with Fannie Mae, any successful job applicant will be required to successfully complete a background investigation.
Fannie Mae is an Equal Opportunity Employer.
Fannie Mae Corp