Web Application Penetration Tester Senior (Remote Work Schedule)

Freddie Mac-posted 9 months ago
$126,000 - $190,000/Yr
Full-time • Senior
Remote • McLean, VA
Credit Intermediation and Related Activities
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

At Freddie Mac, you will do important work to build a better housing finance system and you'll be part of a team helping to make homeownership and rental housing more accessible and affordable across the nation. The Freddie Mac Red Team is responsible to test the overall strength of our organization's defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker. We are seeking an Information Security Senior to assist the team by providing subject matter expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, and Purple Team. In this role, the candidate will provide enhanced vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness.

  • Penetration Testing and Red Team assessments
  • Perform web application penetration tests, including manual and automated testing techniques
  • Identify and exploit vulnerabilities in web applications, APIs, and related technologies
  • Develop and maintain scripts, tools, and methodologies to enhance web application security testing processes and capabilities
  • Provide detailed vulnerability analysis and contextual feedback to development and operations teams
  • Collaborate with stakeholders to scope prospective engagements, lead engagements, and mentor less experienced staff
  • Collaborate with the Red Team to integrate web application penetration testing findings into broader threat emulation scenarios and organizational security assessments
  • Contribute to the development and improvement of security policies, standards, and guidelines
  • Generate innovative ideas and challenge the status quo
  • Participate in and actively support mentoring with other members of the team
  • Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
  • 5+ years of relevant experience in web application security and penetration testing
  • One or more technical certifications: OSWA, OSWE, OSCP, GWAPT, GMOB, OSEE, OSEP, or similar
  • Proficient with common web application penetration testing tools (e.g., Burp Suite, OWASP ZAP)
  • Solid understanding of web technologies (e.g., HTTP, HTML, JavaScript, REST, SOAP) and common web application vulnerabilities (e.g., SQL injection, XSS, CSRF)
  • Knowledge of secure coding practices and application security frameworks (e.g., OWASP)
  • Ability to critically examine web applications and systems through the perspective of a threat actor
  • Experience with secure development practices and code review
  • Proficiency in at least one scripting or programming language (e.g., Python, JavaScript, Ruby)
  • In-depth knowledge of cloud security for web applications (e.g., AWS, Azure, GCP)
  • Experience with mobile application security testing and relevant tools (e.g., MobSF, Frida, Burp Suite Mobile Assistant)
  • Competitive compensation
  • Market-leading benefit programs
  • Annual incentive program
Track Jobs with Teal

Job Search Resources

AI Resume Builder
Senior Test Engineer Resume Examples
Senior Test Engineer Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service