Employees, contingent workers and visitors are no longer required to show proof of vaccination to be on-site. Effective January 2023, Freddie Mac’s hybrid work arrangement is 3 days in the office (specifically Tuesday, Wednesday & Thursday).

Position Overview:

This role be will be part of the Information Security Operations and Engineering department. This position is responsible for providing Public Key Infrastructure (PKI), Cryptography, Certificate and Key Management (KCM), Data-at-Rest and Data-in-Transit Encryption support for the infrastructure and applications across multi-site enterprise cloud and data center environments.

Our Impact:

Our team is a dynamic, hard-working team that is tasked with providing cryptography expertise to the firm, including encryption (at-rest and in-transit) and key management services.

Your Impact:

Technical Leadership

• Work closely with technology and business stakeholders to implement shared PKI/KCM migration and upgrade goals, determine security requirements, design and implement solutions to meet business objectives, IT strategic initiatives, corporate and regulatory requirements.
• Establish and execute an enterprise-wide PKI, Encryption at rest and in transit, and Cryptography governance process in collaboration with Information Security and Enterprise Architecture to adequately plan, communicate and deploy enterprise configurations as new cryptographic standards are adopted.
• Communicate effectively with clients to identify needs and evaluate alternative technical solutions and strategies.
• Protect and secure company resources in the cloud, virtual and physical infrastructures.
• Stay current with developing technologies, emerging threat landscape and predict impact of changing technologies.

Support of Design, Build and Operations

• Perform the planning, design, implementation and Level 3 support of IT Security solutions related to PKI, encryption at rest and in transit, KCM and Cryptography.
• Provide enterprise support to internal teams for use, configuration, and troubleshooting of PKI and cryptographic technologies, including HSMs, TLS protocols and cipher suites, PKI enrollment and management of certificates.
• Support the security risk assessment of applications and infrastructure.
• Ensure effective execution of key IT controls and remediation of incident response, vulnerability analysis and threat intelligence.
• Provide technical guidance, develop design documents, perform product installation, upgrades and certification, implementation plan, deployment and troubleshooting support.
• Diagnose, solve and provide root cause analysis for PKI and encryption related issues.
• Ensure consistent delivery of superior technical solutions.

Change Agent

• Champion technology and tools change that improves delivery processes.
• Act as an agent for change to reflect the latest PKI and Cryptography standards in new technologies and tools.
• Serve as an enterprise subject matter expert (SME) and advocate of IT Security standards and reference architectures related to PKI and Cryptography.
• Coordinate with Information Security team to ensure solution assurance and compliance to security policy, procedures, standards and baseline security configurations.

Team Leadership

• Support other operational team members by providing technical information, reviewing designs and making recommendations.
• Mentor junior members of the operations and engineering team.
• Help coordinate deployments with other engineers and make schedule recommendations.
• Must be able to effectively perform both independently and collaboratively as a strong team leading contributor.

Qualifications

• Bachelor’s degree in Information Technology, Engineering, Computer Science, related field or equivalent experience.
• At least 8-10 years of relevant experience in IT Security.
• 5+ years of experience planning, designing and implementing of PKI infrastructure, including integration with core infrastructure components (servers, desktops and other devices) to automate the management of the certificate lifecycle (issuance, notification of expiration/revocation, replacement with restart of impacted services) and SSH keys in a large organization.
• Experience with scripting tools to automate routine tasks.
• Possess good working knowledge of PKI, SSL/TLS, multi-factor authentication, X.509 token, single sign-on, federated identity, SSH and certificate management solutions.
• Knowledge of security issues, techniques and implications across computing platforms.
• Knowledge of Ping, SMARTCARD and Multifactor authentication.
• Knowledge of information security standards (e.g., ISO, NIST).

Preferred Skills

• Experience with scripting languages – Python, shell scripting, JavaScript, Perl, SQL.
• Exposure to varied operating systems – UNIX/Linux, Windows.
• Experience designing cloud-based solutions.
• Experience with operational server and client use of PKI for Network Authentication, TLS (cipher suite) configuration across multiple systems/clients (Windows, Linux), enrollment and installation and troubleshooting experience.
• Experience with AppViewX, EJBCA, AWS KMS, ADCS a plus.
• Experience with use of PKI for systems and processes supporting web presence (Web PKI), including Apache, Weblogic, and other front-end servers and processes.
• General understanding of key IT components – Secure LDAP, Networking, firewall, load balancing, Federated Identity.
• Experience in the financial services industry and Freddie Mac’s role in the industry.

Key to success in this role

• Works under minimal supervision to provide technical guidance to the team.
• Good communication and team player.
• Strong written and oral communications skills.
• Proactive in nature with customer satisfaction as primary goal.
• Innovative in providing solutions, likes to take on challenges with calculated risk.
• Quick learner of new technologies and tools.

Current Freddie Mac employees please apply through the internal career site.

Today, Freddie Mac makes home possible for one in four home borrowers and is one of the largest sources of financing for multifamily housing. Join our smart, creative and dedicated team and you’ll do important work for the housing finance system and make a difference in the lives of others.

We are an equal opportunity employer and value diversity and inclusion at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by applicable law. We will ensure that individuals with differing abilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit www.BountyJobs.com and register with our referral code: MAC.

The anticipated annualized base salary range for this position is $118,000 to $178,000 and is eligible to participate in the annual incentive program.