Cyber Incident Management Analyst III

Job Description

Fannie Mae provides reliable, large-scale access to affordable mortgage credit in communities across our nation. We are the leading source of funding for housing in America, which means more people can buy or rent a home. We are focused on sustaining the housing recovery, improving our company, and leading change to make housing better.
Join our diverse, high-performing team and make a difference as we work together to enable access to a good home.

Design and administer procedures in the organization that sustain the security of the organization's data and access to its technology and communications systems. Assess risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization's systems and the data contained in them. Track security violations and identify trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security. May lead or execute simulated attacks or security violations to assess the organization's data security measures.


  • Conduct platform or operating system vulnerability scans which assess exposure of system to attacks or hacking. Respond to questions regarding viral activity, concerns about spam/phishing etc. Produce reports.
  • Serve as organization's POC for the third party certification of security procedures and use of cyber security protections. Ensure that system's security controls, policies and procedures examined, measured and validated against third party standards.
  • Design, plan and implement test strategies to support the core infrastructure in the contingency environment for all critical business applications to ensure business continuity in the event of a major business interruption or disaster.
  • Lead projects as related to technology refresh/evaluation such as Load Balancing and SSL technology. Research corrective measures (long term solutions) needed for any chronic issues identified that compromise security of particular systems or platforms.
  • Participate in developing and testing of new methodologies and systems for recovery of the critical core business processes and the enterprise infrastructure.
  • May serve as technical lead or project lead in projects involving testing defenses against hacking, Denial of service, spam, break-ins, or related attacks. Provide technical guidance to less senior staff or applications developers/systems administrators.

Education Level Required (if any)
Bachelor Degree or Equivalent
Area of Study Preferred(if any)
Computer Science or IT/IS

4-6 years of related experience


  • Incident Coordination - Responsible for interfacing with groups within and outside of Information Security to coordinate security incident activities according to incident response playbooks.
  • Incident Communication - Central point of communication when incidents occur. Business and operations teams will communicate through the Cyber Incident Management team to ensure that incident responders can focus on technical work. CIM will be the first contact for questions regarding ongoing and past incidents and vulnerabilities.
  • Executive Reporting - Responsible for drafting incident and vulnerability related notifications and updates that will be distributed throughout the company to include affected parties, management and senior leadership. Also responsible for simplifying technical write-ups for a broader audience.
  • Intrusion Techniques & Tactics - The analyst must understand current and past methods for breaching a company’s defenses. This is very important when discussing remediation of vulnerabilities, thoroughly documenting and communicating incidents, threat modeling and, designing and implementing table tops.
  • Must have excellent writing and communication skills - Excellent writing and communication skills are extremely important as a member of the CIM team because of the types of audiences their communications will be distributed to. This includes managers, senior leadership, board members, and regulators.
  • Must be able to collaborate across multiple teams - When security incidents occur it often affected multiple teams within the environment that must work together to contain and remediate the threat.

As a condition of employment with Fannie Mae, any successful job applicant will be required to successfully complete a background investigation.
Fannie Mae is an Equal Opportunity Employer.

Req ID: 58603