Hiring During COVID-19: Fannie Mae is hiring for all open positions as we deliver on our mission of providing stability, liquidity, and affordability to the housing market during this critical time. All interviews and onboarding are conducted virtually. We look forward to connecting with you. Learn more

Cyber Security Analyst IV

Job Description


Fannie Mae provides reliable, large-scale access to affordable mortgage credit in communities across our nation. We are the leading source of funding for housing in America, which means more people can buy or rent a home. We are focused on sustaining the housing recovery, improving our company, and leading change to make housing better.

Join our diverse, high-performing team and make a difference as we work together to enable access to a good home.


Design and administer procedures in the organization that sustain the security of the organization's data and access to its technology and communications systems. Assess risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization's systems and the data contained in them. Track security violations and identify trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security. May lead or execute simulated attacks or security violations to assess the organization's data security measures.



  • Conduct platform or operating system vulnerability scans and assess exposure of system to attacks or hacking. Respond to questions regarding exposure, remediation and mitigating controls to potential emergency critical vulnerabilities. Create and generate customized vulnerability and secure configuration baseline reports and dashboards as needed.
  •  Conduct secure configuration baseline scans such as based on Center of Internet Security (CIS) benchmarks for various technologies. Customize or create source scan files for vulnerability and secure configuration baseline scans.
  • Design, plan and implement test strategies to support the core infrastructure in the contingency environment for all critical business applications to ensure business continuity in the event of a major business interruption or disaster.
  • Lead projects as related to technology refresh/evaluation such as Load Balancing and SSL technology. Research corrective measures (long term solutions) needed for any chronic issues identified that compromise security of particular systems or platforms.
  • Participate in developing and testing of new methodologies and systems for recovery of the critical core business processes and the enterprise infrastructure.
  • Serve as technical lead or project lead in projects involving testing defenses against hacking, Denial of service, spam, break-ins, or related attacks. Provide technical guidance to less senior staff or applications developers/systems administrators.



Education Level Required (if any)
Bachelor’s degree or Equivalent

Area of Study Required (if any)
·Computer Science or IT/IS

Certifications Preferred (if any)
·Industry certifications (e.g. Security+, CISSP) (preferred but not required)
·Cloud certifications (e.g. AWS Certified Cloud Practitioner) - preferred but not required


· 6-8 years of related experience
· Experience performing security assessments in a corporate environment and have an awareness of public or private cloud infrastructure
· In-depth experience managing the security vulnerability life-cycle from detection through notification and closure whether through the determination of false positive, risk acceptance, or remediation.
· In-depth experience in assessing mitigating controls if timely remediation is not feasible.
· In-depth experience in analyzing false positives and validating the effectiveness of patches applied.
· Experience conducting vulnerability or compliance scans and analysis against Docker images
· Experience utilizing vulnerability management tools in a corporate environment
· Experience conducting secure configuration baseline scanning using at least Center of Internet Security (CIS) in a corporate environment baseline scanning using at least Center of Internet Security (CIS) in a corporate environment
· Experience using APIs associated with Tenable.sc (formerly Security Center) and/or Nessus scanning tools, (formerly Security Center) and/or Nessus scanning tools.
· Experience creating and/or customizing scanning source files for vulnerability and secure configuration baseline scans in Tenable.sc (formerly Security Center) and/or Nessus
· Experience in assessing network reachability leveraging tools such as AWS Inspector
· Excellent understanding of a diverse range of technologies (such as operating system, third-party software, middleware, databases, network devices, databases etc.).
· High-level critical thinking and detail analysis needed to perform duties related to projects, compliance, metrics, assurance, vulnerabilities, secure configuration findings or threats.
· Good organizational skills with the ability to take the appropriate actions, while also enforcing established security standards.
· Ability to clearly and effectively communicate Information Security matters to senior leadership, management, auditors, technical staff, and end users.
· Ability to work effectively and organize priorities independently
· Decision-making and problem-solving skills including the ability to clearly define and resolve issues
· Excellent analytical and problem-solving skills
· Strong interpersonal, oral and written communication skills
· Exemplary personal and professional integrity
· Ability to work in a team environment
· Some exposure to scripting and automation
· Strong knowledge of Windows as well as UNIX operating systems.
· Excellent time management skills.


As a condition of employment with Fannie Mae, any successful job applicant will be required to successfully complete a background investigation.
Fannie Mae is an Equal Opportunity Employer.

Req ID: 59449