Cyber Security Analyst III

Job Description


Fannie Mae provides reliable, large-scale access to affordable mortgage credit in communities across our nation. We are the leading source of funding for housing in America, which means more people can buy or rent a home. We are focused on sustaining the housing recovery, improving our company, and leading change to make housing better.

Join our diverse, high-performing team and make a difference as we work together to enable access to a good home.

For more information about Fannie Mae, visit


Design and administer procedures in the organization that sustain the security of the organization's data and access to its technology and communications systems. Assess risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization's systems and the data contained in them. Track security violations and identify trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security. May lead or execute simulated attacks or security violations to assess the organization's data security measures.


  • Conduct platform or operating system vulnerability scans which assess exposure of system to attacks or hacking. Respond to questions regarding viral activity, concerns about spam/phishing etc. Produce reports.
  • Serve as organization's POC for the third party certification of security procedures and use of cyber security protections. Ensure that system's security controls, policies and procedures examined, measured and validated against third party standards.
  • Design, plan and implement test strategies to support the core infrastructure in the contingency environment for all critical business applications to ensure business continuity in the event of a major business interruption or disaster.
  • Lead projects as related to technology refresh/evaluation such as Load Balancing and SSL technology. Research corrective measures (long term solutions) needed for any chronic issues identified that compromise security of particular systems or platforms.
  • Participate in developing and testing of new methodologies and systems for recovery of the critical core business processes and the enterprise infrastructure.
  • May serve as technical lead or project lead in projects involving testing defenses against hacking, Denial of service, spam, break-ins, or related attacks. Provide technical guidance to less senior staff or applications developers/systems administrators.


  • Bachelor's Degree or equivalent required


  • 4+ years of related experience


  • Demonstrable knowledge of Application security, risk assessment, validation of security penetration/Dynamic test results, static code testing/scanning/analysis and vulnerability resolution
  • Demonstrable knowledge of secure coding practices and the ability to conduct security assessments and analysis of applications
  • Ability to review application source code for vulnerabilities, using both manual and automated code scanning techniques
  •  Ability to identify vulnerabilities in closed source applications through dynamic security assessments
  • Ability to identify and explain the risks associated with common application vulnerabilities, demonstrate exploitation, and recommend mitigation options
  • Ability to initiate and promote activities to foster Information Security awareness and education among application development
  • Ability to create and maintain malware / phishing campaigns
  • Strong scripting / automation skills (particularly in the languages of Python, Java, and JavaScript)
  • Information security and application security or application development experience
  •  Ability to coordinate activity among multiple teams, both technical and non-technical
  • Strong verbal and written communications skills; comfortable briefing senior management
  • Strong interpersonal skills for developing relationships with individuals and teams across the enterprise
  • Ability to provide creative solutions and workarounds for difficult problems in a fast paced environment


  • Strong understanding of fundamental Application Security concepts, including common types of attacks and exploitation techniques
  • Experience with various application security tools (name a few--BURP, ZAP, Kali, WebInspect/AppScan, dependency check, fortify, Sonatype)
  • Strong understanding and knowledge of the Cyber Kill Chain / MITRE ATT&CK Framework
  • Solid understanding of common web and systems application vulnerabilities
  • Familiarity with key security concepts/frameworks such as OWASP, CVE, and CVSS
  • Familiarity with emerging applications security exploits and willingness to research them
  • Familiarity with AWS and containers is preferred but not required
  • Prior development background is preferred but not required
  • Familiarity with Mobile application security assessment preferred but not required
  • Familiarity with security automation preferred but not required
  • Prior Threat Intelligence experience preferred but not required                                 


As a condition of employment with Fannie Mae, any successful job applicant will be required to pass to successfully complete a background investigation.


Fannie Mae is an Equal Opportunity Employer.

Req ID: 57142