Cyber Security Analyst II


Are you interested in helping solve today's most critical housing challenges? In simplest terms, Fannie Mae serves the people who house America. We work at the heart of housing by providing reliable, affordable mortgage financing in all markets at all times, buying loans that banks and other lenders originate, so they can fund new loans. This gives more people the opportunity to buy, refinance, or rent homes and apartments. Creating these opportunities is what drives the people who work at Fannie Mae.

For more information about Fannie Mae, visit


Under limited supervision, design and administer procedures in the organization that sustain the security of the organization?s data and access to its technology and communications systems. Assess risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization?s systems and the data contained in them. Track security violations and identify trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security. May lead or execute simulated attacks or security violations to assess the organization?s data security measures.


  • Conduct platform or operating system vulnerability scans which assess exposure of system to attacks or hacking. Respond to questions and issues raised regarding viral activity, spam/phishing etc. Produce reports.
  • Serve as organization's POC for the third party certification of security procedures and use of cyber security protections. Ensure that system's security controls, policies and procedures examined, measured and validated against third party standards.
  • Design, plan and implement test strategies to support the core infrastructure in the contingency environment for all critical business applications to ensure business continuity in the event of a major business interruption or disaster.
  • Participate in internal reviews by auditors, operational risk assessment staff, or compliance/reporting staff to prepare assessments or reports of operational risks associated with IT/IS infrastructure, access to systems, exposure to attacks, etc.
  • Participate in developing and testing of new methodologies and systems for recovery of the critical core business processes and the enterprise infrastructure.
  • Review commercial products available to enhance corporate hardware, platforms, applications and data. May test or evaluate products under consideration for purchase or licensing.

  • Bachelor's Degree or equivalent required
  • 2 years of related experience
  • Demonstrable knowledge of application security, risk assessment, validation of security penetration/dynamic test results, static code testing/scanning/analysis and vulnerability resolution.
  • Experience with secure coding practices and is capable of conducting security assessments and analysis of applications in order to find vulnerabilities through manual and automated code scanning techniques.
  • Ability to identify security requirements for applications and services and to effectively discuss requirements with internal teams and business owners.
  • Can explain the risks associated with common application vulnerabilities in order to demonstrate exploitation and then recommend mitigation options.
  • Take initiative to promote activities to foster Information Security awareness and education among application development.
  • Strong interpersonal and communication skills for developing relationships with individuals and teams across the enterprise (including senior management).
  • Familiarity with emerging applications security exploits and willingness to research them.
  • Solid understanding of frequently used web application security testing tools and common web / systems application vulnerabilities.
  • Familiarity with key security concepts and frameworks such as OWASP, CVE, and CVSS.
  • Thorough understanding of application architecture and supporting component.
  • Solid Developers with 3 years of experience with development stack like java, database who are interested in getting trained in Application security are welcome to the team.

As a condition of employment with Fannie Mae, any successful job applicant will be required to pass a pre-employment drug screen and to successfully complete a background investigation, which may also include a credit check for positions in some areas of our business.

Fannie Mae is an Equal Opportunity Employer.

Share this Job

Other Locations For This Job