• Conduct comprehensive security assessments and vulnerability assessments of applications. • Perform software security evaluations, including code reviews and secure coding verification. • Utilize penetration testing tools to identify and validate vulnerabilities. • Develop and maintain threat models and execute security risk assessments. • Evaluate system security controls, identify vulnerabilities, and propose mitigation strategies. • Review applications against established vulnerability standards (OWASP Top 10). • Ensure deliverables align with DoD and Air Force cybersecurity policies. • Stay up to date with emerging security advisories and regulations. • Provide expert guidance on secure design principles and cloud security best practices. • Prepare detailed reports including assessment results and vulnerability findings.

• Lead the implementation and maintenance of the ICT risk management framework to meet CNMV and ESMA standards • Supervise and control ICT services provided by CEX.IO Ltd (UK), including cloud infrastructure, software development, and security operations • Identify, assess, and mitigate technological risks. Conduct annual reviews of the Business Impact Analysis (BIA) and the ICT Risk Assessment • Act as the ultimate authority for initiating the Incident Response Plan (IRP) for high and critical levels. Coordinate the notification of major incidents to the CNMV within mandated timelines (4h/72h/30 days) • Supervise critical ICT third-party service providers, with a focus on monitoring and ensuring compliance with agreed SLAs, RPOs, and RTOs • Oversee the security of crypto-asset custody solutions (Proprietary V2/V3 and external sub-custodians, like Coinbase). Ensure the integrity of MPC (Multi-Party Computation), HSM (Hardware Security Modules), and multisig signing processes. • Supervise the Secure Software Development Life Cycle and validate security testing in pre-production (UAT) environments before deployment • Approve and collaborate on operational resilience testing plans and specific tests regarding Distributed Ledger Technology (DLT) • Maintain a unified and centralized inventory of CEX.IO systems and infrastructure

At Freddie Mac, our mission of Making Home Possible is what motivates us, and it’s at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Continue your career journey where your work contributes to a greater purpose. Position Overview: We’re looking for an Offensive Security Engineer who excels at navigating ambiguity, uncovering weaknesses, and engineering solutions that elevate our security posture. You’ll combine technical ingenuity with practical problem‑solving, developing automation, tools, and methods that drive meaningful risk reduction. Our Impact: Freddie Mac's Information Security team is responsible for continuously testing the overall strength of our organization’s defenses (across all people, process, & technology) by simulating the objectives and actions of an attacker. Your Impact: In this role, you will contribute to a collaborative team as a subject matter expert focusing on advanced offensive security. You will design and implement AI-powered security tools, proactively address vulnerabilities, and champion secure engineering practices across the organization. What to Expect (Job Responsibilities) - Applications should bring expert level knowledge in one or more domains, including web applications, AI-powered business systems, cloud environments, etc. - Execute sophisticated red team assessments across diverse attack surfaces. - Partner with internal stakeholders to define engagement scope, success criteria, and translate complex technical findings into actionable business risk narratives - Research, develop, and maintain cutting-edge offensive security tools and automation frameworks to enhance team capabilities and operational efficiency Qualifications: - 8+ years of relevant experience - Proven ability to critically examine applications and identify, exploit, and remediate complex vulnerabilities - Proven ability to create automation workflows that scale to enterprise environments. - Demonstrated expertise in bypassing modern defensive controls and security measures to achieve assessment objectives - Demonstrate proficiency in chosen domain using public research, personal blog, active projects, bug bounty, and public disclosures. - Must be willing to work east coast hours We consider all applicants for all positions without regard to gender, race, color, religion, national origin, age, marital status, veteran status, sexual orientation, gender identity/expression, physical and mental disability, pregnancy, ethnicity, genetic information or any other protected categories under applicable federal, state or local laws. We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site. This position has an annualized market-based salary range of $150,000 - $224,000 and is eligible to participate in the annual incentive program. The final salary offered will generally fall within this range and is dependent on various factors including but not limited to the responsibilities of the position, experience, skill set, internal pay equity and other relevant qualifications of the applicant.

About Lumen Lumen connects the world. We are igniting business growth by connecting people, data and applications – quickly, securely, and effortlessly. Together, we are building a culture and company from the people up – committed to teamwork, trust and transparency. People power progress. We’re looking for top-tier talent and offer the flexibility you need to thrive and deliver lasting impact. Join us as we digitally connect the world and shape the future. The Role The Senior Director of Security Architecture & Engineering leads cybersecurity architecture and engineering for Lumen’s Public Sector portfolio. This role owns the strategy and technical roadmap for federal security services, ensuring compliance with FISMA, FedRAMP High, NIST 800‑53, TIC 3.0, CMMC, and related requirements. You will guide cloud and network security architecture, secure design practices, and ongoing modernization efforts while partnering with executives, government stakeholders, and cross‑functional teams. This Senior Director role is a critical executive position that ensures Lumen’s public sector security services remain highly secure, compliant, and technically superior in a rapidly evolving landscape. The ideal candidate is a visionary leader who can marry deep technical expertise with strategic business insight – someone who can chart a course for the future of security solutions and galvanize teams to turn that vision into reality. If you are excited by the challenge of protecting government networks with state-of-the-art architectures and leading a talented team in delivering on that mission, we encourage you to apply. Location This is a remote position open to candidates based anywhere in the U.S. The Main Responsibilities - Set the vision and multi‑year roadmap for public‑sector security architecture and secure service delivery. - Provide executive oversight of network, cloud, identity, and data‑protection architectures aligned to FedRAMP and federal standards. - Lead compliance strategy across FISMA, RMF, FedRAMP ATOs, and continuous monitoring. - Represent Lumen as a senior technical SME with government CIO/CISO stakeholders and internal executives. - Drive modernization of security platforms, cloud migration, automation, and SOC/SIEM evolution. - Lead and develop a high‑performing team of security architects and engineers. - Partner closely with Product, Operations, Program Management, and Compliance to deliver secure, reliable, and compliant solutions. What We Look For in a Candidate - 15+ years in cybersecurity or network engineering; 5–7+ years leading security architecture for mission‑critical or regulated environments. - Deep expertise in federal compliance frameworks (FISMA, NIST RMF, FedRAMP, TIC 3.0, CMMC). - Broad technical mastery across cloud security, network architecture, identity, SIEM/SOC design, automation, and modern security platforms. - Strong executive communication and stakeholder‑management skills. - Proven ability to define strategy, build roadmaps, and drive cross‑functional execution. - Master’s degree required; CISSP/CISM preferred. U.S. citizenship and federal fuitability clearance required. Secret+ clearance preferred. - Financial acumen in budgeting, cost modeling, and investment planning. Compensation This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual pay is based on skills, experience and other relevant factors. Location Based Pay Ranges: $171,447 - $228,596 in these states: AL, AR, AZ, FL, GA, IA, ID, IN, KS, KY, LA, ME, MO, MS, MT, ND, NE, NM, OH, OK, PA, SC, SD, TN, UT, VT, WI, WV, and WY. $180,020 - $240,026 in these states: CO, HI, MI, MN, NC, NH, NV, OR, and RI. $188,592 - $251,456 in these states: AK, CA, CT, DC, DE, IL, MA, MD, NJ, NY, TX, VA, and WA. Lumen offers a comprehensive package featuring a broad range of Health, Life, Voluntary Lifestyle benefits and other perks that enhance your physical, mental, emotional and financial wellbeing. We're able to answer any additional questions you may have about our bonus structure (short-term incentives, long-term incentives and/or sales compensation) as you move through the selection process. Learn more about Lumen's: - Benefits - Bonus Structure #LI-Remote Requisition #: 341138 Background Screening If you are selected for a position, there will be a background screen, which may include checks for criminal records and/or motor vehicle reports and/or drug screening, depending on the position requirements. For more information on these checks, please refer to the Post Offer section of our FAQ page. Job-related concerns identified during the background screening may disqualify you from the new position or your current role. Background results will be evaluated on a case-by-case basis. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. Equal Employment Opportunities We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, gender expression, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training. Disclaimer The job responsibilities described above indicate the general nature and level of work performed by employees within this classification. It is not intended to include a comprehensive inventory of all duties and responsibilities for this job. Job duties and responsibilities are subject to change based on evolving business needs and conditions. In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information. Please be advised that Lumen does not require any form of payment from job applicants during the recruitment process. All legitimate job openings will be posted on our official website or communicated through official company email addresses. If you encounter any job offers that request payment in exchange for employment at Lumen, they are not for employment with us, but may relate to another company with a similar name.