Web Application Penetration Tester – Technical Lead (...

Web Application Penetration Tester – Technical Lead (In Office or Remote)At Freddie Mac, our mission of Making Home Possible is what motivates us, and it’s at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose.OverviewPosition Overview: The Freddie Mac Red Team is responsible to test the overall strength of our organization’s defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker. We are seeking an Information Security Tech Lead to assist the team by providing subject matter expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, and Purple Team. In this role, the candidate will provide enhanced vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness.ResponsibilitiesLead and perform web application penetration assessments, collaborating with stakeholders to scope engagements, translate complex security concepts, and provide tailored remediationsProactively search for vulnerabilities in web applications, web APIs, cloud environments, etc. throughout Freddie MacWork together with other Red Team members to integrate web application security into broader threat emulation scenariosDevelop and maintain scripts, tools, and methodologies to enhance processes and capabilitiesProvide mentorship and technical guidance to less experienced team membersContribute to the development and improvement of security policies, standards, and guidelinesDevelop Team Capabilities and LeadershipGenerate innovative ideas and challenge the status quoDevelop scripts, tools, or methodologies to enhance the Red teaming processes and capabilitiesParticipate in and actively support mentoring with other members of the teamAssist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staffOur ImpactThe Freddie Mac internal Red Team is responsible to continuously test the overall strength of our organization’s defenses (across all people, process, & technology) by simulating the objectives and actions of an attacker.Your ImpactIn this role, the candidate will contribute to a collaborative team as subject matter expertise in Web Application penetration testing on Freddie Mac’s internal Red Team. Additionally, the candidate will provide enhanced vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness.Qualifications8-10 years of relevant experience in web application penetration testingOne or more technical certifications: OSWA, OSWE, Burp Suite Certified Practitioner, eWPT, eWPTXAbility to critically examine web applications to identify, exploit, and remediate vulnerabilities (SQL injection, XSS, SSRF, CSRF)Solid understanding of related web technologies (DNS, HTML, JavaScript, REST, GraphQL, Java, .NET, SQL/noSQL, OAuth) and infrastructure (cloud native, containers, proxies, webservers, PaaS)In-depth knowledge of secure development practices (DevSecOps, secure code review) and security frameworks (OWASP, CWE, MITRE)Proficient with common web application penetration testing tools (Burp Suite, Project Discovery, sqlmap)Familiarity with WAF bypassesMust be willing to work east coast hoursKey to success in this roleWeb-related public research (advisories, disclosures)Previous Bug Bounty or vulnerability disclosure experienceProficiency in at least one scripting or programming language (Python, JavaScript, C#, Java)Current Freddie Mac employees please apply through the internal career site.We consider all applicants for all positions without regard to gender, race, color, religion, national origin, age, marital status, veteran status, sexual orientation, gender identity/expression, physical and mental disability, pregnancy, ethnicity, genetic information or any other protected categories under applicable federal, state or local laws. We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.A safe and secure environment is critical to Freddie Mac’s business. This includes employee commitment to our acceptable use policy, applying a vigilance-first approach to work, supporting regulatory mandates, and using best practices to protect Freddie Mac from potential threats and risk. Employees exercise this responsibility by executing against policies and procedures and adhering to privacy & security obligations as required via training programs.CA Applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit and register with our referral code: MAC.Time-type: Full timeFLSA Status: ExemptFreddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site.This position has an annualized market-based salary range of $150,000 - $224,000 and is eligible to participate in the annual incentive program. The final salary offered will generally fall within this range and is dependent on various factors including but not limited to the responsibilities of the position, experience, skill set, internal pay equity and other relevant qualifications of the applicant.Seniority levelMid-Senior levelEmployment typeFull-timeJob functionInformation TechnologyReferrals increase your chances of interviewing at Freddie Mac by 2x #J-18808-Ljbffr

Created: 2025-09-17