Web Application Penetration Tester – Technical Lead (In Office Or Remote)

Join Freddie Mac's Red Team as an Information Security Tech Lead to strengthen organizational defenses by simulating attacker objectives. This role focuses on advanced penetration testing across web applications, infrastructure, networks, cloud, and social engineering.

• *Key Responsibilities:**
• Lead web application penetration assessments, providing tailored remediations and translating complex security concepts.
• Proactively identify vulnerabilities in web applications, APIs, and cloud environments.
• Integrate web application security into broader threat emulation scenarios.
• Develop and maintain scripts, tools, and methodologies to enhance team capabilities.
• Mentor junior team members and contribute to security policy improvement.
• *Required Qualifications:**
• 8-10 years of experience in web application penetration testing.
• One or more technical certifications: OSWA, OSWE, Burp Suite Certified Practitioner, eWPT, eWPTX.
• Expertise in identifying, exploiting, and remediating web vulnerabilities (SQLi, XSS, SSRF, CSRF).
• Solid understanding of web technologies (HTTP, DNS, HTML, JS, REST, GraphQL, Java, .NET, SQL/noSQL, OAuth) and infrastructure (cloud native, containers, PaaS).
• In-depth knowledge of secure development practices (DevSecOps, secure code review) and security frameworks (OWASP, CWE, MITRE).
• Proficient with common web application penetration testing tools (Burp Suite, Project Discovery, sqlmap) and familiar with WAF bypasses.
• Ability to work East Coast hours.
• *Preferred Skills:**
• Web-related public research (advisories, disclosures) or Bug Bounty experience.
• Proficiency in at least one scripting/programming language (Python, JavaScript, C#, Java).