Job Information
DISH Network Information Security Engineer in LITTLETON, Colorado
Company Summary
DISH, an EchoStar company, has been reimagining the future of connectivity for more than 40 years. Our business reach spans satellite television service, live-streaming and on-demand programming, smart home installation services, mobile plans and products and now we are building America’s First Smart Network™.
Today, our brands include EchoStar, Hughes, DISH TV, Sling TV, Boost Mobile and Gen Mobile.
Department Summary
Our Technology teams challenge the status quo and reimagine capabilities across industries. Whether through research and development, technology innovation or solution engineering, our people play vital roles in connecting consumers with the products and platforms of tomorrow.
Job Duties and Responsibilities
We are looking for an Information Security Engineer to support our DevSecOps and Vulnerability Management teams. The primary responsibility of this role is development of scripts and automation processes for interactions with security tooling to collect, normalize, enrich, analyze, and report data/findings and associated metrics.
This individual will also be responsible for creating and leveraging relationships with development, deployment, release management, and platform engineering teams to develop security champions, integrate DevSecOps and Vulnerability Management tooling into their systems and workflows, and ensure their awareness and remediation of security concerns associated with their assets and processes.
Key Responsibilities:
Development, maintenance, and use of scripts and automation processes for interactions with security tooling to collect, normalize, enrich, analyze, prioritize, and report data/findings and associated metrics.
Work with development, deployment, release management, and platform engineering teams, and other asset owners to integrate DevSecOps and Vulnerability Management tooling into their systems and workflows and provide guidance and support to users of DevSecOps and Vulnerability Management tooling
Work with development, deployment, release management, and platform engineering teams to ensure their awareness and remediation of security concerns associated with their assets and processes
Represent DevSecOps and Vulnerability Management reporting, metrics, and concerns in broader Information Security team meetings
Establish, develop, and maintain relationships with development, deployment, release management, and platform engineering teams toward developing security champions and empowering, coaching, and supporting them as necessary to ensure alignment with, and execution of, security requirements and standards
Other Responsibilities:
Design and execute approaches for measuring the value and impact of DevSecOps & Vulnerability Management initiatives and help prepare and share impact/progress reporting with IT and Operations leadership
Assist the Application Security Architecture team in providing evaluation, guidance, and onboarding support to development and operations teams regarding new applications
Assist stakeholders with rapid understanding, impact assessment, and remediation of detected security issues; ensure efficient response
Ensure stakeholders are able to fully leverage and maximize value/efficiency gains from security processes and tooling, allowing them to innovate rapidly and securely.
Reduce time to delivery of secure platforms through orchestration and automation
Create and deliver security training and guidance.
Help identify and automate repetitive and/or manually time-consuming tasks
Help research, select, test, and integrate security tooling.
Attend and host meetings and provide support in the form of targeted agendas, meeting notes, communications, and follow-up delivery
Maintain relevant and current professional knowledge via in-house training, online resources, attendance at professional events, and personal investment in continued education and certification
Monitor industry trends for changes, risks, releases, and advancements in Vulnerability Management, DevOps & DevSecOps, cloud computing and technologies, and development frameworks
Work in tandem with other teams including Application Security Architecture, Security Architecture, Development, Deployment, Cloud Security, Cloud & Platform Engineering, SOC & Cyber Defense Operations, and other InfoSec and IT Operations Teams to identify and implement the most optimal solutions for the company and its customers
Participate in special projects and perform other duties as assigned
Skills, Experience and Requirements
Work Environment Expectations:
This is a full-time in-office position in Littleton, CO.
Days and hours of work typically Monday through Friday; 8:00 a.m. to 5:00 p.m. or 9:00 a.m. to 6:00 p.m.
Work Attire: Business Casual
Education and Experience:
B.S. / B.A. degree or equivalent required
Required: 4+ yrs of professional experience with 2+ years of pertinent professional experience in Software Engineering, preferably focused on automation/integration
Desired: Professional or Educational Experience in Information Security, preferably specific to Vulnerability Management, Application Security, DevSecOps, and/or Security Architecture
Desired: Professional or Educational Experience in DevOps and related technologies
Skills and Qualifications:
Strong scripting/integration skills and substantial experience. Python mandatory. Bash, PowerShell, Go, JavaScript and/or similar also appreciated
Strong logic/design and problem solving skills
Strong written and verbal communication skills and the ability to tailor communications effectively for peers, managers, vendors, partners, customers, and leaders
Strong interpersonal skills
Strong planning, time-management, task management, and prioritization skills
Experience and comfort presenting to small groups and present complex technical topics to non-technical audiences
Experience writing standard operating procedures, system requirements, or other technical documents
Experience collaborating with cross-functional stakeholders to achieve a shared goal
Working knowledge of software-defined lifecycles and deployments
Experience with cloud automation tools such as GitLab, Jenkins, Puppet, Chef, Harness, Terraform, CloudFormation, Ansible, SALT, etc
Familiarity with containerized technologies like Kubernetes, Docker, etc
Familiarity with Cloud Architecture & Security design.
Knowledge of WAF, IDS/IPS, SIEM, SOAR, EDR, UEBA, Application Whitelisting, Vulnerability Management
Familiarity with API development, tooling, and security
Familiarity with Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), Pen Testing, and Secrets Detection
Familiarity with assessing results and remediating findings
Knowledge of OWASP Top 10, OWASP API Top 10, SANS Top 25 CWE, KEV, and EPSS
Experience with development and project management tooling such as Service Now, Confluence/Jira, or Rally
Business process automation mindset and experience
Strong commitment to continual education; continual effort to develop new skills and technical expertise including proactively organizing, summarizing, and sharing knowledge with others
Intense curiosity; inquisitive, hungry for knowledge, and not afraid to challenge assumptions
Takes pride in work and performance; strong drive to do your personal best in everything you do and expect the same from your teammates
Adventurous; ability to be comfortable and thrive in an environment where our path is often unclear, changes frequently and requires us to challenge ourselves.
Have the drive, work ethic and discipline to always put the organization in a position to win
Salary Ranges
Compensation: $72,400.00/Year - $137,500.00/Year
Benefits
We offer versatile health perks, including flexible spending accounts, HSA, a 401(k) Plan with company match, ESPP, career opportunities, and a flexible time away plan; all benefits can be viewed here: DISH Benefits .
The base pay range shown is a guideline. Individual total compensation will vary based on factors such as qualifications, skill level, and competencies; compensation is based on the role's location and is subject to change based on work location. Candidates need to successfully complete a pre-employment screen, which may include a drug test and DMV check.
The posting will be active for a minimum of 3 days. The active posting will continue to extend by 3 days until the position is filled.