• Job Description

  Req#: 88261
  Company Summary
  
  
  DISH, an EchoStar company, has been reimagining the future of connectivity for more than 40 years. Our business reach spans satellite television service, live-streaming and on-demand programming, smart home installation services, mobile plans and products and now we are building America’s First Smart Network™.
  
  Today, our brands include EchoStar, Hughes, DISH TV, Sling TV, Boost Mobile and Gen Mobile.
  
  Department Summary
  
  
  Our Technology teams challenge the status quo and reimagine capabilities across industries. Whether through research and development, technology innovation or solution engineering, our people play vital roles in connecting consumers with the products and platforms of tomorrow.
  
  Job Duties and Responsibilities
  
  
  We are looking for an Information Security Engineer to support our DevSecOps and Vulnerability Management teams. The primary responsibility of this role is development and management of scripts, data stores, and automation processes for interactions with security tooling used to collect, normalize, enrich, analyze, and report data/findings and associated metrics.
  This individual will also be responsible for working with development, deployment, release management, and platform engineering teams to develop security champions, integrate DevSecOps and Vulnerability Management tooling into their systems and workflows, and ensure their awareness and remediation of security concerns associated with their assets and processes.
  Key Responsibilities:
  • Development, maintenance, and use of scripts and automation processes for interactions with security tooling APIs involving collecting, normalizing, enriching, analyzing, prioritizing, and reporting data/findings and associated metrics. The ideal candidate has more than entry level proficiency writing scripts interacting with APIs and associated large data sets.
  • Design, creation, management, and use of databases and data sets related to collecting, normalizing, enriching, analyzing, prioritizing, and reporting security tooling data/findings and associated metrics. The ideal candidate has more than entry level proficiency with ETL (extract, transform, load) and analysis tasks involving large data sets.
  • Design and execute approaches for measuring the value and impact of DevSecOps & Vulnerability Management initiatives and help prepare and share impact/progress reporting with IT and Operations leadership.
  • Work with development, deployment, release management, and platform engineering teams, and other asset owners to integrate DevSecOps and Vulnerability Management tooling and requirements into their systems and workflows.
  • Providing guidance and support to users of DevSecOps and Vulnerability Management tooling.
  • Work with development, deployment, release management, and platform engineering teams to ensure their awareness and remediation of security concerns associated with their assets and processes.
  • Represent DevSecOps and Vulnerability Management reporting, metrics, and concerns in broader Information Security team meetings.
  • Establish, develop, and maintain relationships with development, deployment, release management, and platform engineering teams toward developing security champions and empowering security champions with to ensure alignment with, and execution of, security requirements and standards.
  Other Responsibilities:
  • Assist the Application Security Architecture team in providing evaluation, guidance, and onboarding support to development and operations teams regarding new applications.
  • Assist stakeholders with rapid understanding, impact assessment, and remediation of detected security issues; ensure efficient response.
  • Ensure stakeholders are able to fully leverage and maximize value/efficiency gains from security processes and tooling, allowing them to innovate rapidly and securely.
  • Reduce time to delivery of secure platforms through orchestration and automation.
  • Create and deliver security training and guidance.
  • Help identify and automate repetitive and/or manually time-consuming tasks.
  • Help research, select, test, and integrate security tooling.
  • Attend and host meetings and provide support in the form of targeted agendas, meeting notes, communications, and follow-up delivery.
  • Maintain relevant and current professional knowledge via in-house training, online resources, attendance at professional events, and personal investment in continued education and certification.
  • Monitor industry trends for changes, risks, releases, and advancements in Vulnerability Management, DevOps & DevSecOps, cloud computing and technologies, and development frameworks.
  • Work in tandem with other teams including Application Security Architecture, Security Architecture, Development, Deployment, Cloud Security, Cloud & Platform Engineering, SOC & Cyber Defense Operations, and other InfoSec and IT Operations Teams to identify and implement the most optimal solutions for the company and its customers.
  • Participate in special projects and perform other duties as assigned.
  
  Skills, Experience and Requirements
  
  
  Education:
  • B.S. / B.A. degree or equivalent required.
  Experience:
  • Required: 4+ yrs of professional experience with 2+ years of pertinent professional experience in Software Engineering, preferably focused on automation/integration.
  • Desired: Professional or Educational Experience in Information Security, preferably specific to Vulnerability Management, Application Security, DevSecOps, and/or Security Architecture
  • Desired: Professional or Educational Experience in DevOps and related technologies.
  Skills and qualifications:
  • Strong scripting/integration skills and substantial experience. Python mandatory. Bash, PowerShell, Go, JavaScript and/or similar also appreciated.
  • Strong database design & management skills and substantial experience.
  • Strong logic/design and problem solving skills.
  • Strong written and verbal communication skills and the ability to tailor communications effectively for peers, managers, vendors, partners, customers, and leaders.
  • Strong interpersonal skills.
  • Strong planning, time-management, task management, and prioritization skills.
  • Experience and comfort presenting to small groups and present complex technical topics to non-technical audiences.
  • Experience writing standard operating procedures, system requirements, or other technical documents.
  • Experience collaborating with cross-functional stakeholders to achieve a shared goal.
  • Working knowledge of software-defined lifecycles and deployments.
  • Experience with cloud automation tools such as GitLab, Jenkins, Puppet, Chef, Harness, Terraform, CloudFormation, Ansible, SALT, etc.
  • Familiarity with containerized technologies like Kubernetes, Docker, etc.
  • Familiarity with Cloud Architecture & Security design.
  • Knowledge of WAF, IDS/IPS, SIEM, SOAR, EDR, UEBA, Application Whitelisting, Vulnerability Management.
  • Familiarity with API development, tooling, and security.
  • Familiarity with Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), Pen Testing, and Secrets Detection. Familiarity with assessing results and remediating findings.
  • Knowledge of OWASP Top 10, OWASP API Top 10, SANS Top 25 CWE, KEV, and EPSS.
  • Experience with development and project management tooling such as Service Now, Confluence/Jira, or Rally.
  • Business process automation mindset and experience.
  • Strong commitment to continual education; continual effort to develop new skills and technical expertise including proactively organizing, summarizing, and sharing knowledge with others.
  • Intense curiosity; inquisitive, hungry for knowledge, and not afraid to challenge assumptions.
  • Takes pride in work and performance; strong drive to do your personal best in everything you do and expect the same from your teammates.
  • Adventurous; ability to be comfortable and thrive in an environment where our path is often unclear, changes frequently and requires us to challenge ourselves.
  • Have the drive, work ethic and discipline to always put the organization in a position to win.
  
  Salary Ranges
  
  Compensation: $72,400.00/Year - $137,500.00/Year
  Benefits
  
  
  We offer versatile health perks, including flexible spending accounts, HSA, a 401(k) Plan with company match, ESPP, career opportunities, and a flexible time away plan; all benefits can be viewed here: DISH Benefits .
  The base pay range shown is a guideline. Individual total compensation will vary based on factors such as qualifications, skill level, and competencies; compensation is based on the role's location and is subject to change based on work location. Candidates need to successfully complete a pre-employment screen, which may include a drug test and DMV check.
  The posting will be active for a minimum of 3 days. The active posting will continue to extend by 3 days until the position is filled.
  
  
  Education:
  • B.S. / B.A. degree or equivalent required.
  Experience:
  • Required: 4+ yrs of professional experience with 2+ years of pertinent professional experience in Software Engineering, preferably focused on automation/integration.
  • Desired: Professional or Educational Experience in Information Security, preferably specific to Vulnerability Management, Application Security, DevSecOps, and/or Security Architecture
  • Desired: Professional or Educational Experience in DevOps and related technologies.
  Skills and qualifications:
  • Strong scripting/integration skills and substantial experience. Python mandatory. Bash, PowerShell, Go, JavaScript and/or similar also appreciated.
  • Strong database design & management skills and substantial experience.
  • Strong logic/design and problem solving skills.
  • Strong written and verbal communication skills and the ability to tailor communications effectively for peers, managers, vendors, partners, customers, and leaders.
  • Strong interpersonal skills.
  • Strong planning, time-management, task management, and prioritization skills.
  • Experience and comfort presenting to small groups and present complex technical topics to non-technical audiences.
  • Experience writing standard operating procedures, system requirements, or other technical documents.
  • Experience collaborating with cross-functional stakeholders to achieve a shared goal.
  • Working knowledge of software-defined lifecycles and deployments.
  • Experience with cloud automation tools such as GitLab, Jenkins, Puppet, Chef, Harness, Terraform, CloudFormation, Ansible, SALT, etc.
  • Familiarity with containerized technologies like Kubernetes, Docker, etc.
  • Familiarity with Cloud Architecture & Security design.
  • Knowledge of WAF, IDS/IPS, SIEM, SOAR, EDR, UEBA, Application Whitelisting, Vulnerability Management.
  • Familiarity with API development, tooling, and security.
  • Familiarity with Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), Pen Testing, and Secrets Detection. Familiarity with assessing results and remediating findings.
  • Knowledge of OWASP Top 10, OWASP API Top 10, SANS Top 25 CWE, KEV, and EPSS.
  • Experience with development and project management tooling such as Service Now, Confluence/Jira, or Rally.
  • Business process automation mindset and experience.
  • Strong commitment to continual education; continual effort to develop new skills and technical expertise including proactively organizing, summarizing, and sharing knowledge with others.
  • Intense curiosity; inquisitive, hungry for knowledge, and not afraid to challenge assumptions.
  • Takes pride in work and performance; strong drive to do your personal best in everything you do and expect the same from your teammates.
  • Adventurous; ability to be comfortable and thrive in an environment where our path is often unclear, changes frequently and requires us to challenge ourselves.
  • Have the drive, work ethic and discipline to always put the organization in a position to win.
  
  
  We are looking for an Information Security Engineer to support our DevSecOps and Vulnerability Management teams. The primary responsibility of this role is development and management of scripts, data stores, and automation processes for interactions with security tooling used to collect, normalize, enrich, analyze, and report data/findings and associated metrics.
  This individual will also be responsible for working with development, deployment, release management, and platform engineering teams to develop security champions, integrate DevSecOps and Vulnerability Management tooling into their systems and workflows, and ensure their awareness and remediation of security concerns associated with their assets and processes.
  Key Responsibilities:
  • Development, maintenance, and use of scripts and automation processes for interactions with security tooling APIs involving collecting, normalizing, enriching, analyzing, prioritizing, and reporting data/findings and associated metrics. The ideal candidate has more than entry level proficiency writing scripts interacting with APIs and associated large data sets.
  • Design, creation, management, and use of databases and data sets related to collecting, normalizing, enriching, analyzing, prioritizing, and reporting security tooling data/findings and associated metrics. The ideal candidate has more than entry level proficiency with ETL (extract, transform, load) and analysis tasks involving large data sets.
  • Design and execute approaches for measuring the value and impact of DevSecOps & Vulnerability Management initiatives and help prepare and share impact/progress reporting with IT and Operations leadership.
  • Work with development, deployment, release management, and platform engineering teams, and other asset owners to integrate DevSecOps and Vulnerability Management tooling and requirements into their systems and workflows.
  • Providing guidance and support to users of DevSecOps and Vulnerability Management tooling.
  • Work with development, deployment, release management, and platform engineering teams to ensure their awareness and remediation of security concerns associated with their assets and processes.
  • Represent DevSecOps and Vulnerability Management reporting, metrics, and concerns in broader Information Security team meetings.
  • Establish, develop, and maintain relationships with development, deployment, release management, and platform engineering teams toward developing security champions and empowering security champions with to ensure alignment with, and execution of, security requirements and standards.
  Other Responsibilities:
  • Assist the Application Security Architecture team in providing evaluation, guidance, and onboarding support to development and operations teams regarding new applications.
  • Assist stakeholders with rapid understanding, impact assessment, and remediation of detected security issues; ensure efficient response.
  • Ensure stakeholders are able to fully leverage and maximize value/efficiency gains from security processes and tooling, allowing them to innovate rapidly and securely.
  • Reduce time to delivery of secure platforms through orchestration and automation.
  • Create and deliver security training and guidance.
  • Help identify and automate repetitive and/or manually time-consuming tasks.
  • Help research, select, test, and integrate security tooling.
  • Attend and host meetings and provide support in the form of targeted agendas, meeting notes, communications, and follow-up delivery.
  • Maintain relevant and current professional knowledge via in-house training, online resources, attendance at professional events, and personal investment in continued education and certification.
  • Monitor industry trends for changes, risks, releases, and advancements in Vulnerability Management, DevOps & DevSecOps, cloud computing and technologies, and development frameworks.
  • Work in tandem with other teams including Application Security Architecture, Security Architecture, Development, Deployment, Cloud Security, Cloud & Platform Engineering, SOC & Cyber Defense Operations, and other InfoSec and IT Operations Teams to identify and implement the most optimal solutions for the company and its customers.
  • Participate in special projects and perform other duties as assigned.

• About the company

  Our adventure began by changing the way people watched TV, bringing DISH to where big cable wouldn’t: rural America. Since then, we have reinvented ourselves and our own industry with SLING TV to give millions of consumers more choice in entertainment. Today, we’ve officially entered the consumer wireless industry as the fourth largest wireless provider with our acquisitions of Boost Mobile, Ting Mobile and Republic Wireless — but that’s just the start. We’re building America’s first cloud-native 5G network to transform the way we live, work and play with unlimited possibilities.

Notice