Senior Security Engineer - Penetration Testing

Company Summary
DISH Network Technologies, an EchoStar company, has been reimagining the future of connectivity for more than 40 years. Our business reach spans satellite television service, live-streaming and on-demand programming, smart home installation services, mobile plans and products and now we are building America's First Smart Network™.
Today, our brands include EchoStar, Hughes, DISH TV, Sling TV, Boost Mobile and Gen Mobile
Department Summary
Our Technology teams challenge the status quo and reimagine capabilities across industries. Whether through research and development, technology innovation or solution engineering, our people play vital roles in connecting consumers with the products and platforms of tomorrow.
Job Duties and Responsibilities

• Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs.
• Execute manual and automated code analysis to assess the quality and security of source code.
• Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews.
• Develop custom tools and exploits.
• Analyze security findings, including risk analysis and root cause analysis.
• Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations.
• Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
• Execute verification and validation testing for customer mitigations and fixes.

Skills, Experience and Requirements

• 4+ years of hands-on experience manual pen testing in Web, mobile and API
• Expertise in performing advanced exploitation and post-exploitation attacks
• Prior experience or expertise performing Red team exercises will be a plus
• Experience in writing proof-of-concept exploits and creating custom payloads and modules for common ethical hacking frameworks and tools
• Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws
• Experience in testing web-based APIs (i.e. REST, SOAP, XML, JSON).
• Experience in designing and documenting pragmatic remediation guidance for discovered vulnerabilities.
• Experience developing actionable intelligence based on open source intelligence (OSINT) gathering.
• Proficiency in one or more scripting languages. E.g. Perl, Python, Shell Scripting etc.
• Prior experience with reverse engineering, malware analysis and forensic tools will be an added advantage
• Solid understanding of OWASP testing methodology.
• Should have an Engineering degree, CEH, OSC, CEPT certification are good to have.

Benefits

• Insurance and Wellbeing
• Financial & Retiral Benefit Program
• Mental Wellbeing
• Employee Stock Purchase Program (ESPP)
• Professional Development Reimbursement
• Time Off
• Team Outings