• Design Secure Systems: Partner with engineering teams to conduct threat modeling. • Drive Proactive Defense: Build and maintain automated scanning, penetration testing frameworks. • Own Governance & Compliance: Lead technical implementation of controls for ISO 27001 and TX-RAMP. • Lead Incident Response: Act during security events and lead investigations. • Mentor the Team: Host workshops to empower developers to write secure code.

Job Description We are looking for a creative “breaker” to join our team as a Multimodal Red Team Specialist. In this role, you won’t just be prompting AI models—you’ll be stress-testing them across modalities. Think adversarial image-text pairings, visual prompt injection, manipulated media, and cross-modal exploits that slip past safety classifiers designed to catch text alone. You’ll generate adversarial multimodal content and evaluate model outputs against structured safety taxonomies—probing the seams where vision, language, and audio intersect. If you think in compositions rather than single inputs, this is your role. This is an asynchronous, remote position designed for self-starters who thrive in the gray areas between visual media, linguistics, and security. Work Details - Cross-Modal Attack Design: Create adversarial image-text pairings, manipulated screenshots, and synthetic media designed to bypass multimodal safety layers—where each input looks benign alone, but the combination is not. - Visual Exploit Discovery: Use your eye for visual context, framing, and implicit meaning to find harms that automated image classifiers and text-only filters miss—deepfakes, out-of-context imagery, steganographic prompt injection, OCR pipeline exploits. - Model Evaluation: Systematically evaluate and rank multimodal model outputs against calibrated severity rubrics to determine where safety guardrails are failing, over-refusing, or producing cross-modal inconsistencies. - Knowledge Loop: Document your attack vectors, failure patterns, and reproducible examples clearly—producing actionable intelligence reports that help model developers patch vulnerabilities. - Campaign Execution: Participate in structured red-teaming campaigns with defined deliverables, progress tracking via master trackers, and inter-annotator reliability targets. Who You Are - Heavy Multimodal AI Usage — hands-on experience with vision-language models, image generation systems, and multimodal assistants (open- and closed-source). You’ve pushed these systems and know where they crack. - You have a “hacker mindset” that extends to visual media. You don’t just think about what to type—you think about what image to pair it with, what metadata to embed, what visual context shifts the meaning. - You’re visually literate. You understand framing, context manipulation, and how images carry implicit meaning that models may misread or miss entirely. - You can turn a chaotic afternoon of multimodal prompt-hacking into a clean, calibrated, actionable report with severity ratings and reproducible examples. - You understand the weight of this work. You can handle sensitive or “dark” content across text and visual modalities—professionally and within ethical boundaries. - You’re comfortable with ambiguity. Multimodal harms are often more subjective than text-only harms, and you can make consistent judgment calls without needing every case to be clear-cut. Qualifications & Skill Requirements - Proven ability to navigate complex model restrictions using creative evasion techniques—across text and visual input channels. - Proficiency with image manipulation and generation tools (Photoshop, GIMP, Stable Diffusion, Midjourney, or equivalent). You can create the adversarial content, not just describe it. - Background in content moderation, digital forensics, OSINT, offensive security, or red teaming is a major plus. - Familiarity with AI safety concepts: content policy taxonomies, harm severity frameworks, false refusal vs. false compliance tradeoffs. - Awareness of visual misinformation vectors: deepfakes, cheapfakes, manipulated screenshots, and synthetic media. - Experience with structured annotation workflows, rubric-driven evaluation, and inter-annotator agreement processes is a plus. - You don’t give up when a model says “I cannot fulfill this request.” You find a new angle—and when the text angle is exhausted, you try an image.

• Infrastructure Consolidation: Lead the technical merger of acquired entities into a single, hardened Arkenstone Microsoft 365 tenant. • Identity & Access (IAM): Own the Okta and Keeper environments. Automate onboarding and offboarding to ensure zero-day access removal. • SaaS Governance: Audit our current SaaS "bloat." Identify redundancies, negotiate licenses, and deduplicate our stack. • Endpoint Management: Transition our hardware fleet from manual tracking to a fully automated MDM solution that enforces encryption and compliance. • Security Operations: Act as the primary point of contact for our MSSP. Review security alerts, manage firewall updates, and oversee incident response. • Compliance & Documentation: Partner with engineering to document corporate products and address physical security requirements for FedRAMP and NIST 800-171. • Office & Helpdesk: Formalize the IT helpdesk experience. Oversee the IT build-out for new offices and manage local office tech maintenance.

At Freddie Mac, our mission of Making Home Possible is what motivates us, and it’s at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose. Position Overview: We’re looking for an Offensive Security Engineer who excels at navigating ambiguity, uncovering weaknesses, and engineering solutions that elevate our security posture. You’ll combine technical ingenuity with practical problem‑solving, developing automation, tools, and methods that drive meaningful risk reduction. Our Impact: Freddie Mac's Information Security team is responsible for continuously testing the overall strength of our organization’s defenses (across all people, process, & technology) by simulating the objectives and actions of an attacker. Your Impact: In this role, you will contribute to a collaborative team as a subject matter expert focusing on advanced offensive security. You will design and implement AI-powered security tools, proactively address vulnerabilities, and champion secure engineering practices across the organization. What to Expect (Job Responsibilities) - Applications should bring expert level knowledge in one or more domains, including web applications, AI-powered business systems, cloud environments, etc. - Execute sophisticated red team assessments across diverse attack surfaces. - Partner with internal stakeholders to define engagement scope, success criteria, and translate complex technical findings into actionable business risk narratives - Research, develop, and maintain cutting-edge offensive security tools and automation frameworks to enhance team capabilities and operational efficiency Qualifications: - 8+ years of relevant experience - Proven ability to critically examine applications and identify, exploit, and remediate complex vulnerabilities - Proven ability to create automation workflows that scale to enterprise environments. - Demonstrated expertise in bypassing modern defensive controls and security measures to achieve assessment objectives - Demonstrate proficiency in chosen domain using public research, personal blog, active projects, bug bounty, and public disclosures. - Must be willing to work east coast hours Current Freddie Mac employees please apply through the internal career site. We consider all applicants for all positions without regard to gender, race, color, religion, national origin, age, marital status, veteran status, sexual orientation, gender identity/expression, physical and mental disability, pregnancy, ethnicity, genetic information or any other protected categories under applicable federal, state or local laws. We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. A safe and secure environment is critical to Freddie Mac’s business. This includes employee commitment to our acceptable use policy, applying a vigilance-first approach to work, supporting regulatory mandates, and using best practices to protect Freddie Mac from potential threats and risk. Employees exercise this responsibility by executing against policies and procedures and adhering to privacy & security obligations as required via training programs. CA Applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit www.BountyJobs.com and register with our referral code: MAC. Time-type:Full time FLSA Status:Exempt Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site. This position has an annualized market-based salary range of $150,000 - $224,000 and is eligible to participate in the annual incentive program. The final salary offered will generally fall within this range and is dependent on various factors including but not limited to the responsibilities of the position, experience, skill set, internal pay equity and other relevant qualifications of the applicant.