
    Cyber Security Incident Response Tech Lead - McLean, United States - Freddie Mac

    Full time
    Description

    At Freddie Mac, you will do important work to build a better housing finance system and you'll be part of a team helping to make homeownership and rental housing more accessible and affordable across the nation.

    Employees, contingent workers and visitors are no longer required to show proof of vaccination to be on-site. Effective January 2023, Freddie Mac's hybrid work arrangement is 3 days in the office (specifically Tuesday, Wednesday & Thursday).

    Position Overview:

    The Cyber Security Tech Lead position is part of the Cyber Security team that helps fulfill the Information Security department's vision of reducing information risk by ensuring and enhancing the Confidentiality, Availability, and Integrity of Information systems at Freddie Mac. This role collaborates with the Incident Response team Manager and leads the development and delivery of technical solutions related to security incident response processes. The Tech Lead is responsible for developing processes, procedures, methodologies, and new response mechanisms to analyze various security events/incidents accurately and respond accordingly. Activities require minimal assistance from management in responding to security incidents. The role coordinates Triage, Containment, Eradication, Recovery, Lessons Learned, and Recommendation steps in response to potential security threats affecting the company's information assets. The Tech Lead builds and maintains relationships with internal customers, external customers, and vendors to formulate remediation solutions for issues related to Information Security and must ensure appropriate response actions are driven to deliver high quality information security processes, procedures, and solutions to protect the confidentiality and integrity of Freddie Mac information assets.

    **This position has an on-call requirement

    Our Impact:

    As a Technical Lead, you will be part of the Cyber Security Incident Response team (CSIRT) at Freddie Mac and will help fulfill the Information Security department's vision of reducing information risk by ensuring and enhancing the Confidentiality, Availability, and Integrity of Information systems at Freddie Mac. You will assist in responding to security incidents in a critical production environment, such as investigating and remediating possible endpoint malware infections, mitigating threats such as unauthorized use, phishing, and violation of corporate security policy. You will coordinate response efforts in accordance with the incident response life cycle for security events affecting the company's information assets. You will lead the development and delivery of our technical solutions related to security incident response, including building of processes, procedures, and methodology, as well as new response mechanisms. You will be responsible for developing processes and procedures to analyze various security events/incidents consistently. You will build, develop, and maintain relationships with internal and external customers, and vendors to formulate remediation solutions for issues related to Information Security. You will ensure the appropriate response actions are driven to deliver high quality information security processes, procedures and solutions to ensure the confidentiality and integrity of Freddie Mac information assets.

    Your Impact:

    Technical

    • Protects and secures company resources in physical, virtual, Cloud, and SAAS infrastructures.
    • Responsible for managing security incidents identified from the enterprise SIEM tool, threat intelligence, end user notifications, etc.
    • Determines security risk impact and responds accordingly
    • Coordinates response efforts, including but not limited to Triage, Containment, Eradication, Recovery, Lessons Learned, and Recommendations affecting the company's information assets and activities within the Incident Response team
    • Works with other Cyber functions to understand the threat landscape and build response action plans
    • Develops domain expertise across the breadth of the program and drives development and design of Incident Response workflows
    • Participates in the review of new SIEM use cases and documents requirements for analyzing and responding to such threats
    • Helps to continually identify, evaluate, and monitor threats that could affect operational and business activities

    Leadership

    • Provides tactical support to peers and security analysts across teams, who deliver Cybersecurity's scaled threat detection, assessment, and response efforts
    • Acts as a mentor / role model and trains team members with less experience and knowledge
    • Leads development of CSIRT playbooks and updates existing incident response playbooks to ensure response activities align with current standard processes
    • Minimizes gaps in response processes and provides comprehensive mitigation actions of threats while providing sufficient guidance to junior analysts on IR activities
    • Leads technical activities, plans, and tracks delivery deadlines, and oversees tactical delivery of improvements to the Incident Response processes
    • Assists in day-to-day Cyber Security Incident Response team operations to ensure Security threats and events are being handled efficiently
    • Manages development and improvement of processes and procedures related to Cyber Security that includes response to advanced persistent threats
    • Performs as a strong team contributor, both independently and cross-functionally
    • Prioritizes work without management direction and provides clear and documented status updates to management and the team
    • Augments Incident Response team to ensure 24/7/365 coverage and works evenings and weekends, when necessary, sometimes with little or no advance notice

    Communication and Collaboration

    • Briefs and updates senior leadership and other collaborators on active incidents and manages expectations
    • Delivers ad hoc or structured presentations effectively to business, technical and management collaborators and adjusts as appropriate to the audience
    • Builds and leverages effective relationships across Information Security teams including Threat Intel, Forensics, Threat Detection and Vulnerability Management, as well as various teams in lines-of-business
    • Ensures clear lines of communication and a comprehensive approach to security
    • Coordinates with Information Security teams to ensure solution assurance and compliance to security policy, procedures, standards, and baseline security configurations
    • Collaborates on development of SOPs, resiliency plans, and other necessary documentation to support Security Operations

    Qualifications:

    • 8+ years of Information Security or related experience
    • 3-5+ years of Hands-on Information Security SOC/Incident Response experience with analyzing IOCs/Alerts as identified by SOC & Threat Intel teams
    • Demonstrated experience in handling security events in important environments; hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests; previous experience in solving day-to-day operational processes such as security monitoring, data correlation, security operations etc.
    • Advanced understanding of security incident response, such as different phases of response life cycle, Indicators of Compromise (IoCs), etc.
    • Experience analyzing system and application logs to investigate security issues and/or complex operational issues
    • Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, SIEM, UBA, DLP, IDS/IPS, EDR, NDR, Network Packet Analysis, etc.)
    • Demonstrated experience with applying SIEM such as Splunk (preferred), ArcSight, QRadar, etc. in investigating security issues and / or complex operational issues on Windows and Unix
    • Advanced knowledge of network protocols and operating systems (Windows, Unix, Linux, Databases)
    • Relevant security knowledge and experience in at least two of the following areas: security operations, incident response, network/host intrusion detection, threat response
    • Ability to communicate clearly, effectively, persuasively, and credibly with internal management and external Tech Lead level oversight entities
    • Bachelor's degree in Information Security, Computer Science, Information Technology, related field or equivalent work experience
    • At least 1 SANS Certification

    Keys to Success in this Role:

    • Self-starter and self-motivated
    • Ability to work & collaborate effectively in a team environment
    • A sense of humor.
    • Ability to communicate clearly, effectively, persuasively, and credibly with internal management and external entities
    • Motivated to learn new technologies and come up with process improvements and efficiencies
    • Sense of urgency and able to apply risk-based approach to prioritize work
    • Ability to adopt change while continuing to deliver on assigned objectives
    • Strong verbal and written communication skills

    Current Freddie Mac employees please apply through the internal career site.

    Today, Freddie Mac makes home possible for one in four home borrowers and is one of the largest sources of financing for multifamily housing. Join our smart, creative and dedicated team and you'll do important work for the housing finance system and make a difference in the lives of others.

    We are an equal opportunity employer and value diversity and inclusion at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by applicable law. We will ensure that individuals with differing abilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

    Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit and register with our referral code: MAC.

    Time-type: Full time
    Job Category: Information Technology
    FLSA Status: Exempt

    The anticipated annualized base salary range for this position is $126,000 to $188,000 and is eligible to participate in the annual incentive program.

