Responsible for developing and administering data security policies as well as safeguarding information, evaluating existing data security procedures and identifying new areas of risk. Staff administers and trains on IT security policies and rules (e.g. log-in / passwords, etc.). Staff are involved in patch management, anti-virus program, vulnerability detection, threat analysis & response, network intrusion & response, security incident response and escalation crisis management. Provides resolutions to an extensive range of complicated problems. Solutions are innovative, thorough, and practicable. Works under limited direction Independently determines and develops approach to solutions. Work is evaluated upon completion for adequacy in satisfying objectives. Represents the organization as the principal customer contact on contracts and often performs project leadership role. Interacts with senior customer personnel on significant technical matters frequently requiring coordination across organizational lines. College Degree or equivalent experience; advanced studies/degree preferred. Typically has 5 - 7 years related experience.
Maintain a continuous process improvement work environment, recommending and implementing new/improved process in accordance with industry standards and best practices. Lead efforts to identify, evaluation, test, and implement appropriate security products, tools and systems to establish a secure infrastructure. Act as technology Subject Matter Expert in the creation and downstream enforcement of security procedures, standards, and policies. Articulate security policies, guidelines and standards to customers and developers in order to provide control and consistency throughout Freddie Mac. Perform all procedures necessary to protect the safety of the information systems from internal and external threats. Lead efforts in the identification and resolution of critical security issues. Builds, develops, and maintains relationships with internal and external customers, and vendors to formulate solutions to Freddie Mac and customer system issues related to Information Security. Support actions or recommends alternate solutions to resolve problems or situations. Researches and maintains currency regarding information security issues, solutions and potential implications for Freddie Mac. Supports designs efforts of critical projects and implements newly developed or revised systems or initiatives.
Security Monitoring - Responsible for the security monitoring and reporting of IT system resources; Responding to and investigating incidents identified by SOC; Defining the monitored activities that are logged and monitored to detect abnormal or unusual activities that may need to be investigated; Providing 24x7 CSIRT response; Preparing management reports; Managing, maintaining, and updating supporting Security Monitoring technologies; Working with technology owners to ensure successful delivery and security of audit/log data
Intrusion Detection ¿ Consult/Assist in the monitoring of network and host security infrastructure. Consult/Assist in the performance of impact assessments and validation of attacks (successful/unsuccessful) against the Freddie Mac IT infrastructure; Assist in the design, deployment, and configuration of countermeasures as appropriate; Reviewing/identifying current vulnerabilities, attacks and appropriate countermeasures. Interface with other technology owners to ensure proper detection of potential security issues
- Analyze security data including intrusion detection system (IDS) events, system logs, Firewall Logs, network traffic analysis in response to security events and incidents
- Implement new technologies / processes to support Information Security intrusion detection activities
- Monitor security intelligence feeds and analyze impact to system infrastructure;
Vulnerability Management - Collect vulnerability and threat information from vendors, researchers, and other sources; Perform correlation of threat/vulnerability sources to provide recommendation on potential actions and assessment of overall security threat posture
- Understand business impact of security incidents and recommend corrective or preventative actions
Investigations ¿ Conduct Information Security Investigations/Forensics analysis; Participate in Computer Security Incident Response teams.
- Collect, preserve, and analyze computer evidence in support of Information Security investigations / Incident Response process
- Experience in system administration / security administration of multiple platforms and operating systems such as Solaris/AIX/Linux and Microsoft Windows Server 2000/2003
- Demonstrated knowledge of network protocols, architecture and packet analysis
- Strong Knowledge of malware and anti-malware tools
- Experience with the following security technologies is required: Intrusion Detection Systems (IDS), Vulnerability Scanners, Forensics Tools, Malware Analysis Tools, Log Collection systems, SIEMs, Data Loss Prevention and End Point Solutions.
- Strong technical analysis writing and communication skills
- 4-year degree in Information Security, Computer Science, Information Technology, Management Information Systems or equivalent work experience
High Risk Job
- Previous Security Operations Center (SOC) experience
- Prior Forensic Analysis experience preferred. Experience using EnCase Forensics, FTK, Helix, and other open source tools a plus.
- GSEC, GCIH, CCNA, CISSP or similar security related industry certification
- Must be able to work independently and in a team environment
Candidates submitting an employment application for high risk jobs, whether internal or external, must sign a Disclosure Statement consenting to a credit and criminal background investigation or the applicant will not be eligible for an employment offer.
Freddie Mac is a shareholder-owned company with an important public mission: to make home possible for more of America's families. To do this, we need smart, creative people from diverse backgrounds who want to make a difference in other people's lives as well as their own. We demonstrate our commitment to employees by providing a comprehensive Total Rewards Program. Freddie Mac is an equal opportunity employer who firmly supports and recognizes the value of diversity. EOE, M/F/D/V.
Freddie Mac - 19 months ago