Pen Tester II

Job Description

THE COMPANY

Fannie Mae provides reliable, large-scale access to affordable mortgage credit in communities across our nation. We are the leading source of funding for housing in America, which means more people can buy or rent a home. We are focused on sustaining the housing recovery, improving our company, and leading change to make housing better.

Join our diverse, high-performing team and make a difference as we work together to enable access to a good home.

For more information about Fannie Mae, visit http://www.fanniemae.com/progress

JOB INFORMATION

Under limited supervision, design and administer procedures in the organization that sustain the security of the organization's data and access to its technology and communications systems. Assess risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization's systems and the data contained in them. Track security violations and identify trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security. May lead or execute simulated attacks or security violations to assess the organization's data security measures.

KEY JOB FUNCTIONS

  • Conduct platform or operating system vulnerability scans which assess exposure of system to attacks or hacking. Respond to questions and issues raised regarding viral activity, spam/phishing etc. Produce reports.
  • Serve as organization's POC for the third party certification of security procedures and use of cyber security protections. Ensure that system's security controls, policies and procedures examined, measured and validated against third party standards.
  • Design, plan and implement test strategies to support the core infrastructure in the contingency environment for all critical business applications to ensure business continuity in the event of a major business interruption or disaster.
  • Participate in internal reviews by auditors, operational risk assessment staff, or compliance/reporting staff to prepare assessments or reports of operational risks associated with IT/IS infrastructure, access to systems, exposure to attacks, etc.
  • Participate in developing and testing of new methodologies and systems for recovery of the critical core business processes and the enterprise infrastructure.
  • Review commercial products available to enhance corporate hardware, platforms, applications and data. May test or evaluate products under consideration for purchase or licensing.

EDUCATION

  • Bachelor's Degree or equivalent required


MINIMUM EXPERIENCE

  • 2+ years of related experience

 

SPECIALIZED KNOWLEDGE & SKILLS

  • Demonstrable knowledge of Application security, risk assessment, validation of security penetration/Dynamic test results, static code testing/scanning/analysis and vulnerability resolution
  • Demonstrable knowledge of secure coding practices and the ability to conduct security assessments and analysis of applications
  • Ability to review application source code for vulnerabilities, using both manual and automated code scanning techniques
  • Ability to identify vulnerabilities in closed source applications through dynamic security assessments
  • Ability to identify and explain the risks associated with common application vulnerabilities, demonstrate exploitation, and recommend mitigation options
  • Ability to initiate and promote activities to foster Information Security awareness and education among application development
  • Ability to create and maintain malware / phishing campaigns
  • Strong scripting / automation skills (particularly in the languages of Python, Java, and JavaScript)

#LI-TH1                                     

EMPLOYMENT              

As a condition of employment with Fannie Mae, any successful job applicant will be required to pass to successfully complete a background investigation.

 

Fannie Mae is an Equal Opportunity Employer.


Req ID: 58108